Tuesday, June 10, 2014

Microsoft Security Bulletin for June 2014

Microsoft released seven (7) bulletins.  Two of the bulletins are identified as Critical with the remaining five as Important.

The updates address 66 Common Vulnerability & Exposures (CVEs) in Microsoft Word, Office and Internet Explorer.  Of those CVEs, the update to Internet Explorer addresses 59 items, including CVE-2014-1770.  Note, however, that Microsoft is not aware of any impact to customers of the CVE's addressed in the updates.


  • MS14-035 -- Cumulative Security Update for Internet Explorer (2969262)
  • MS14-036 -- Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487)
  • MS14-034 -- Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261)
  • MS14-033  -- Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2966061)
  • MS14-032 -- Vulnerability in Microsoft Lync Server Could Allow Information Disclosure (2969258)
  • MS14-031 -- Vulnerability in TCP Protocol Could Allow Denial of Service (2962478)
  • MS14-030 -- Vulnerability in Remote Desktop Could Allow Tampering (2969259)


The W32/Necurs rootkit was added to detection.  The Necurs rootkit components have drivers that try to block security products during every stage of Windows startup.  For information about the Necurs rootkit see the MMPC blog post, MSRT June 2014 – Necurs.

The updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 

Windows XP and Windows 8.1

As has been widely publicized, support for Windows XP and Office 2003 have ended.  Thus, there will be no further security updates for those products.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.

Although Microsoft has stopped providing Microsoft Security Essentials for download, that definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.

Important note for Windows 8.1 users:  Windows 8.1 Update Requirement Extended


The following additional information is provided in the Security Bulletin:


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: