Microsoft Security Bulletin: July 2014 Release
Welcome to the first security bulletin of the new financial year! The table below list the updates in order of severity. Please make sure you check them out and apply to your environments as necessary.
Bulletin ID |
Bulletin Title and Executive Summary |
Maximum Severity Rating and Vulnerability Impact |
Restart Requirement |
Affected Software |
|---|---|---|---|---|
Cumulative Security Update for Internet Explorer (2975687) This security update resolves one publicly disclosed vulnerability and twenty-three privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. |
Critical Remote Code Execution |
Requires restart |
Microsoft Windows, Internet Explorer |
|
Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689) This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Critical Remote Code Execution |
May require restart |
Microsoft Windows |
|
Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685) This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses a vulnerability in a low integrity process to execute the On-Screen Keyboard (OSK) and upload a specially crafted program to the target system. |
Important Elevation of Privilege |
Requires restart |
Microsoft Windows |
|
Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684) This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs onto a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. |
Important Elevation of Privilege |
Requires restart |
Microsoft Windows |
|
Vulnerability in DirectShow Could Allow Elevation of Privilege (2975681) This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker first exploits another vulnerability in a low integrity process and then uses this vulnerability to execute specially crafted code in the context of the logged on user. By default, the modern, immersive browsing experience on Windows 8 and Windows 8.1 runs with Enhanced Protected Mode (EPM). For example, customers using the touch-friendly Internet Explorer 11 browser on modern Windows tablets are using Enhanced Protected Mode by default. Enhanced Protected Mode uses advanced security protections that can help mitigate against exploitation of this vulnerability on 64-bit systems. |
Important Elevation of Privilege |
May require restart |
Microsoft Windows |
|
Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621) This security update resolves one publicly disclosed vulnerability in Microsoft Service Bus for Windows Server. The vulnerability could allow denial of service if a remote authenticated attacker creates and runs a program that sends a sequence of specially crafted Advanced Message Queuing Protocol (AMQP) messages to the target system. Microsoft Service Bus for Windows Server is not shipped with any Microsoft operating system. For an affected system to be vulnerable Microsoft Service Bus must first be downloaded, installed, and configured, and then its configuration details (farm certificate) shared with other users. |
Moderate Denial of Service |
Does not require restart |
Microsoft Server Software |
For more information make sure you check out the Security Update guidance for management and if you are an IT Pro interested in improving your security posture make sure you check out the IT Pro Security Community on TechNet.
Jeffa