Monthly Security Bulletin Briefing - Microsoft, May 2014, Customer Version

Slide 1

Monthly Security Bulletin Briefing
May 2014
Customer Version
CSS Security Worldwide Programs

• Teresa Ghiorzoe, Security Program Manager - GBS LATAM
• Daniel Mauser, Senior Technical Lead - LATAM CTS

Security blog (Blog de Segurança): http://blogs.technet.com/b/risco/
Twitter: LATAMSRC
Email: [email protected]

Slide 2

Agenda
• Security Bulletin Release Overview May 2014
• Appendix: Public Webcast Details, Manageability Tools
• Reference: Related Resources

May 2014 release at a glance
New security bulletins: 8 (Critical: 2, Important: 6)
Security advisories: 3
Rereleased security advisory: 1

Slide 3

Security Bulletin Release Overview May 2014

Bulletin | Impact | Component | Severity | Priority | Exploit Index | Publicly Known | Publicly Exploited
MS14-022 | Remote Code Execution | SharePoint | Critical | 2 | 1 | No | No
MS14-023 | Remote Code Execution | Office | Important | 2 | 1 | No | No
MS14-024 | Security Feature Bypass | Common Control | Important | 1 | NA | No | Yes
MS14-025 | Elevation of Privilege | Group Policy | Important | 1 | 1 | Yes | Yes
MS14-026 | Elevation of Privilege | .NET | Important | 3 | 1 | No | No
MS14-027 | Elevation of Privilege | Windows | Important | 2 | 1 | No | Yes
MS14-028 | Denial of Service | iSCSI | Important | 3 | 3 | No | No
MS14-029 | Remote Code Execution | IE | Critical | 1 | 1 | No | Yes

Slide 4

MS14-022: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)

Affected Software
• Microsoft SharePoint Server 2007
• Microsoft SharePoint Server 2010
• Microsoft SharePoint Server 2013
• Microsoft Project Server 2010
• Microsoft Project Server 2013
• Microsoft Office Web Apps 2010
• Microsoft Office Services and Microsoft Office Web Apps Server 2013
• Microsoft SharePoint Services 3.0
• Microsoft SharePoint Foundation 2010
• Microsoft SharePoint Foundation 2013
• Microsoft SharePoint Designer 2007
• Microsoft SharePoint Designer 2010
• Microsoft SharePoint Designer 2013
• SharePoint Server 2013 Client Components SDK

Severity | Critical
Deployment Priority | 2
Update Replacement | MS13-067, MS13-100, MS14-017
More Information and/or Known Issues | None
Restart Requirement | A restart may be required
Uninstall Support | This security update cannot be uninstalled

Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
No | Yes | Yes | Yes | Yes | Yes
Note: After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation process.

Slide 5

MS14-022: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)

Vulnerability Details
• Related remote code execution vulnerabilities (CVE-2014-0251) exist in Microsoft SharePoint Server. An authenticated attacker who successfully exploited any of these related vulnerabilities could run arbitrary code in the security context of the W3WP service account.
• An elevation of privilege vulnerability (CVE-2014-1754) exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.
• A remote code execution vulnerability (CVE-2014-1813) exists in Microsoft Web Applications. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the W3WP service account.

CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-0251 | Critical | Remote Code Execution | 1 | 1 | * | No | No | None
CVE-2014-1754 | Important | Elevation of Privilege | 1 | NA | * | No | No | None
CVE-2014-1813 | Important | Remote Code Execution | 1 | 1 | * | No | No | None

Attack Vectors
• An authenticated attacker could attempt to exploit any of these related vulnerabilities by sending specially crafted page content to a SharePoint server.

Mitigations
• To exploit these vulnerabilities, an attacker must be able to authenticate to the target SharePoint site. This is not a mitigating factor if the SharePoint site is configured to allow anonymous users to access the site; by default, anonymous access is not enabled.
• CVE-2014-1754: Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds
• Microsoft has not identified any workarounds for these vulnerabilities.

Exploitability Index (XI): 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected. DoS Rating: T - Temporary (DoS ends when attack ceases) | P - Permanent (administrative action required to recover) | * - Not Applicable
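The anonymous-access mitigation on this slide and the PSconfig step on the previous one, as an added PowerShell example that is not part of the briefing or of Microsoft's own tooling: run it in the SharePoint Management Shell on a farm server. The function names, the hive selection, and the psconfig.exe command line are my own choices; the SharePoint cmdlets and object properties used are the product's.

```powershell
# Added example, not from the bulletin. Run in the SharePoint Management Shell
# (Microsoft.SharePoint.PowerShell snap-in loaded). Function names are assumptions.

# Mitigation check: MS14-022 needs an authenticated attacker unless a zone allows
# anonymous access. List every web application zone and whether it does.
function Get-SPAnonymousZone {
    foreach ($wa in Get-SPWebApplication) {
        foreach ($zone in $wa.IisSettings.Keys) {
            [pscustomobject]@{
                WebApplication = $wa.DisplayName
                Zone           = $zone
                Url            = $wa.GetResponseUri($zone).AbsoluteUri
                AllowAnonymous = $wa.IisSettings[$zone].AllowAnonymous
            }
        }
    }
}

# Post-install check: until PSconfig has run, SharePoint servers report NeedsUpgrade = True.
function Test-SPFarmNeedsUpgrade {
    Get-SPServer |
        Where-Object { $_.Role -ne 'Invalid' } |   # skip database-only servers
        Select-Object Address, Role, NeedsUpgrade
}

# Complete the MS14-022 installation on this server (repeat on every SharePoint server).
# Equivalent to running the SharePoint Products Configuration Wizard.
function Complete-SPSecurityUpdate {
    # 12 = SharePoint 2007 / WSS 3.0, 14 = SharePoint 2010, 15 = SharePoint 2013
    param([ValidateSet('12', '14', '15')][string]$Hive = '15')
    $psconfig = Join-Path $env:CommonProgramFiles "Microsoft Shared\Web Server Extensions\$Hive\BIN\psconfig.exe"
    if (-not (Test-Path $psconfig)) { throw "psconfig.exe not found at $psconfig" }
    & $psconfig -cmd upgrade -inplace b2b -wait -cmd applicationcontent -install -cmd installfeatures
    if ($LASTEXITCODE -ne 0) { throw "psconfig.exe exited with code $LASTEXITCODE" }
    Test-SPFarmNeedsUpgrade
}

# Zones that weaken the "authenticated attacker" mitigation, then upgrade state per server
Get-SPAnonymousZone | Where-Object AllowAnonymous | Format-Table -AutoSize
Test-SPFarmNeedsUpgrade | Format-Table -AutoSize
```

Run Complete-SPSecurityUpdate only after the binary update is installed on every server in the farm; running PSconfig on one server while another still has old binaries leaves the farm in a mixed state.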

Slide 6

MS14-023: Vulnerability in Microsoft Office Could Allow Remote Code Execution (2961037)

Affected Software
• Microsoft Office 2007 (Grammar Checker for Chinese)
• Microsoft Office 2010 (Grammar Checker for Chinese)
• Microsoft Office 2013
• Microsoft Office 2013 RT

Severity | Important
Deployment Priority | 2
Update Replacement | MS13-104 or None
More Information and/or Known Issues | None
Restart Requirement | A restart may be required
Uninstall Support | Use the Add or Remove Programs Control Panel applet; the Office 2010 update cannot be removed

Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
No | Yes | Yes | Yes | Yes | Yes
Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.

Slide 7

MS14-023: Vulnerability in Microsoft Office Could Allow Remote Code Execution (2961037)

Vulnerability Details
• A remote code execution vulnerability (CVE-2014-1756) exists in the way that affected Microsoft Office software handles the loading of dynamic-link library (.dll) files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
• An information disclosure vulnerability (CVE-2014-1808) exists when affected Microsoft Office software does not properly handle a specially crafted response while attempting to open an Office file hosted on a malicious website. An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted Microsoft online service.

CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-1756 | Important | Remote Code Execution | 1 | 1 | * | No | No | 2269637
CVE-2014-1808 | Important | Information Disclosure | 3 | 3 | * | No | No | None

Attack Vectors
• CVE-2014-1756: the attacker convinces the user to open an Office file located in the same network directory as a specially crafted .dll file.
• Email vector: the attacker sends an Office attachment, then convinces the user to place the attachment in the same directory as a specially crafted .dll file.
• CVE-2014-1808: the attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site.
• The attacker takes advantage of compromised websites and/or sites hosting ads from other providers.

Mitigations
• CVE-2014-1756: the user must visit an untrusted network location or WebDAV share and open an Office-related file.
• Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• CVE-2014-1808: the vulnerability cannot be exploited automatically through email.
• The user has to be persuaded to visit the malicious site, typically via a URL in an IM or email leading to the attacker's website.

Workarounds
• CVE-2014-1756: disable loading of libraries from WebDAV and remote network shares (details are listed in MS14-023).
• CVE-2014-1756: disable the WebClient service.
• CVE-2014-1756: block TCP ports 139 and 445 at the firewall.
• CVE-2014-1808: no workaround.
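The three CVE-2014-1756 workarounds applied from PowerShell, as an added example that is not part of the briefing. It assumes an elevated Windows PowerShell session on Windows 8 / Server 2012 or later (for New-NetFirewallRule; older systems use netsh) and that the OS honours the CWDIllegalInDllSearch registry value that MS14-023 points to via KB 2264107. Function names and the firewall rule name are my own.

```powershell
# Added example, not from the bulletin. Applies the CVE-2014-1756 workarounds listed above.
# Assumptions: elevated Windows PowerShell, Windows 8/Server 2012+ for the NetSecurity cmdlets,
# and the CWDIllegalInDllSearch value (KB 2264107) honoured by the loader on this OS.

# Workaround 1: stop the loader from taking a DLL out of the current working directory when
# that directory is a WebDAV folder (1) or a WebDAV folder or remote share (2).
function Set-DllSearchWorkaround {
    param([ValidateSet(1, 2)][int]$Level = 2)
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    New-ItemProperty -Path $key -Name CWDIllegalInDllSearch -PropertyType DWord -Value $Level -Force | Out-Null
    [pscustomobject]@{
        Setting = 'CWDIllegalInDllSearch'
        Value   = (Get-ItemProperty -Path $key -Name CWDIllegalInDllSearch).CWDIllegalInDllSearch
    }
}

# Workaround 2: disable the WebClient service so the machine cannot open WebDAV shares at all.
function Disable-WebClientService {
    Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
    Set-Service -Name WebClient -StartupType Disabled
    Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'" |
        Select-Object Name, State, StartMode
}

# Workaround 3: block outbound SMB/NetBIOS (TCP 139 and 445) so a crafted DLL cannot be fetched
# from an attacker's share. The bulletin means the perimeter firewall; pass -RemoteAddress to
# scope this host rule to Internet-facing ranges, because 'Any' also breaks LAN file sharing.
function Block-OutboundSmb {
    param([string[]]$RemoteAddress = @('Any'))
    $name = 'MS14-023 workaround: block outbound TCP 139/445'
    Remove-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    New-NetFirewallRule -DisplayName $name -Direction Outbound -Protocol TCP `
        -RemotePort 139, 445 -RemoteAddress $RemoteAddress -Action Block -Profile Any | Out-Null
    Get-NetFirewallRule -DisplayName $name | Select-Object DisplayName, Enabled, Direction, Action
}

Set-DllSearchWorkaround -Level 2
Disable-WebClientService
Block-OutboundSmb
```

These are interim controls: once the MS14-023 update is deployed, remove the registry value, set WebClient back to Manual, and delete the firewall rule, otherwise users lose access to legitimate WebDAV and remote shares for no security gain.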

Slide 8

MS14-024: Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)

Affected Software
• Office 2007
• Office 2010
• Office 2013
• Office 2013 RT

Severity | Important
Deployment Priority | 1
Update Replacement | MS12-060
More Information and/or Known Issues | None
Restart Requirement | A restart may be required
Uninstall Support | Use Add or Remove Programs in Control Panel

Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
No | Yes | Yes | Yes | Yes | Yes
Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.

Slide 9

MS14-024: Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)

Vulnerability Details
• A security feature bypass vulnerability exists because the MSCOMCTL common controls library used by Microsoft Office software does not properly implement Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, which helps protect users from a broad class of vulnerabilities. On its own the bypass does not execute code; it is used together with a separate memory corruption vulnerability to make that vulnerability reliably exploitable.

CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-1809 | Important | Security Feature Bypass | NA | NA | * | No | Yes | None

Attack Vectors
• The attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site. The attacker could also embed an ActiveX control marked "safe for initialization" in an application or Office file that hosts the IE rendering engine.
• The attacker takes advantage of compromised websites and/or sites hosting ads from other providers or that accept user-provided content.

Mitigations
• Cannot be exploited automatically via email; opening an attachment is necessary.
• An attacker would have to convince users to take action, typically by getting them to click a link in an email message or instant message that takes users to the attacker's website, and then convince them to open the specially crafted Office file.

Workarounds
• Microsoft has not identified any workarounds for this vulnerability.
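A way to see what "does not properly implement ASLR" means for a module on disk, as an added example that is not part of the briefing: the DYNAMIC_BASE bit in a PE file's DllCharacteristics is the per-module opt-in to ASLR, so a control built without it loads at its fixed preferred base and hands an exploit the addresses it needs. The PowerShell below reads that bit straight from the file headers. The default MSCOMCTL.OCX locations are my assumption (the 32-bit control Office uses lives under SysWOW64 on 64-bit Windows); this is a static check of the file, not a verification that the update is installed.

```powershell
# Added example, not from the bulletin. Parses the PE optional header of a file and reports
# whether it opts in to ASLR (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) and DEP (NX_COMPAT).
# Function names and the default MSCOMCTL.OCX paths are assumptions.

function Get-PeAslrStatus {
    param([Parameter(Mandatory)][string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) {
        throw "$Path is not an MZ executable"
    }
    $peOffset = [BitConverter]::ToInt32($bytes, 0x3C)             # e_lfanew
    if ([BitConverter]::ToUInt32($bytes, $peOffset) -ne 0x00004550) {   # "PE\0\0"
        throw "$Path has no PE signature"
    }
    $optHeader = $peOffset + 4 + 20                                 # after signature and COFF header
    $magic     = [BitConverter]::ToUInt16($bytes, $optHeader)       # 0x10B = PE32, 0x20B = PE32+
    $dllChars  = [BitConverter]::ToUInt16($bytes, $optHeader + 70)  # DllCharacteristics, same offset in both
    [pscustomobject]@{
        Path        = $Path
        Format      = if ($magic -eq 0x20B) { 'PE32+' } elseif ($magic -eq 0x10B) { 'PE32' } else { 'unknown' }
        DynamicBase = [bool]($dllChars -band 0x0040)   # ASLR opt-in; False = fixed load address
        NxCompat    = [bool]($dllChars -band 0x0100)   # DEP opt-in
        FileVersion = (Get-Item -Path $Path).VersionInfo.FileVersion
    }
}

# The common control MS14-024 updates, wherever a copy is found on this machine.
function Get-MsComCtlAslrStatus {
    $candidates = @(
        (Join-Path $env:windir 'SysWOW64\MSCOMCTL.OCX'),   # 32-bit control on 64-bit Windows
        (Join-Path $env:windir 'System32\MSCOMCTL.OCX')    # 32-bit Windows
    )
    foreach ($p in $candidates) {
        if (Test-Path -Path $p) { Get-PeAslrStatus -Path $p }
    }
}

Get-MsComCtlAslrStatus | Format-List
```

A DynamicBase of False on the copy Office actually loads is the condition the bulletin describes; after the update, check the same path again. Note that a later Windows version with system-wide mandatory ASLR can randomize a module regardless of this flag, so the flag is the module's own posture, not the final word on the running system.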

Slide 10

MS14-025: Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)

Affected Software
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows 8 and 8.1
• Windows Server 2012 and 2012 R2

Severity | Important
Deployment Priority | 1
Update Replacement | None
More Information and/or Known Issues | Existing GPOs using these GP preferences should be removed
Restart Requirement | A restart may be required
Uninstall Support | Use Add or Remove Programs in Control Panel

Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
No | No | Yes | Yes | Yes | Yes
Note: This update is available on the Microsoft Download Center and the Windows Update Catalog.

Slide 11

MS14-025: Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)

Vulnerability Details
• An elevation of privilege vulnerability exists in the way that Active Directory distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploited the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.

CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-1812 | Important | Elevation of Privilege | 1 | 1 | * | Yes | Yes | None

Attack Vectors
• To exploit the vulnerability, an attacker would first need to gain access to an authenticated user account on the domain. If a GPO is configured using Group Policy preferences to set a local administrative password or define credentials to map a network drive, schedule a task, or configure the running context of a service, an attacker could then retrieve and decrypt the password stored with Group Policy preferences.

Mitigations
• An attacker must be authenticated within a domain to execute this attack.

Workarounds
• Microsoft has not identified any workarounds for this vulnerability.
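The update removes the ability to configure these passwords in Group Policy preferences, but it does not delete preference items that already contain one, which is why the previous slide's Known Issues line says they must be removed. The following added example, which is not part of the briefing or of Microsoft's KB scripts, finds them: every domain user can read SYSVOL, so the same enumeration an attacker would start with doubles as the audit. It assumes the Active Directory module for the default domain name (pass -Domain to avoid that dependency); the function name is mine. It only reports where a cpassword attribute exists and never decrypts anything.

```powershell
# Added example, not from the bulletin. Lists Group Policy Preference items in SYSVOL that
# still carry a cpassword attribute (read-only; nothing is decrypted). Assumes the AD module
# for Get-ADDomain unless -Domain is given. Function name is an assumption.

function Find-GppCpassword {
    param([string]$Domain = (Get-ADDomain).DNSRoot)
    $policies = "\\$Domain\SYSVOL\$Domain\Policies"
    # Preference types that can embed credentials (the vectors listed on this slide)
    $files = 'Groups.xml', 'Services.xml', 'ScheduledTasks.xml', 'DataSources.xml', 'Drives.xml', 'Printers.xml'

    Get-ChildItem -Path $policies -Recurse -Include $files -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_
        [xml]$doc = Get-Content -Path $file.FullName -Raw
        # Any element with a non-empty cpassword attribute
        foreach ($node in $doc.SelectNodes('//*[@cpassword][string-length(@cpassword) > 0]')) {
            # Different preference types name the account attribute differently
            $account = foreach ($a in 'userName', 'username', 'accountName', 'runAs') {
                $v = $node.GetAttribute($a)
                if ($v) { $v }
            }
            [pscustomobject]@{
                GpoGuid = if ($file.FullName -match '\{[0-9A-Fa-f-]{36}\}') { $Matches[0] } else { $null }
                Scope   = if ($file.FullName -match '\\Machine\\') { 'Computer' } else { 'User' }
                Type    = $file.BaseName                       # Groups, Services, ScheduledTasks, ...
                Item    = $node.ParentNode.GetAttribute('name') # the user, service, task or drive
                Account = @($account)[0]
                File    = $file.FullName
            }
        }
    }
}

Find-GppCpassword | Format-Table -AutoSize
```

Treat every hit as a password that is already compromised: delete the preference item (or the password from it), then change the password on every machine the GPO applied to. Deploying 2962486 on administrative workstations alone does not fix an item that is already in SYSVOL.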

Slide 12

MS14-026: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)

Affected Software
• Microsoft .NET Framework 1.1 SP1
• Microsoft .NET Framework 2.0 SP2
• Microsoft .NET Framework 3.5
• Microsoft .NET Framework 3.5.1
• Microsoft .NET Framework 4
• Microsoft .NET Framework 4.5
• Microsoft .NET Framework 4.5.1
on all supported editions of:
• Windows Server 2003
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows 8 and 8.1
• Windows Server 2012 and 2012 R2
• Windows RT and RT 8.1

Severity | Important
Deployment Priority | 3
Update Replacement | MS14-009
More Information and/or Known Issues | None
Restart Requirement | A restart may be required
Uninstall Support | Use Add or Remove Programs in Control Panel

Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
Yes | Yes | Yes | Yes | Yes | Yes
Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.

Slide 13

MS14-026: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)

Vulnerability Details
• An elevation of privilege vulnerability exists in the way that the .NET Framework handles TypeFilterLevel checks for some malformed objects.

CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-1806 | Important | Elevation of Privilege | 1 | 1 | * | No | No | None

Attack Vectors
• An unauthenticated attacker could send specially crafted data to an affected workstation or server that uses .NET Remoting, allowing the attacker to execute arbitrary code on the targeted system.

Mitigations
• .NET Remoting endpoints are not accessible to anonymous clients by default.

Workarounds
• Enable security when registering a channel. For more information see "Authentication with the TCP channel": http://msdn.microsoft.com/library/59hafwyt
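The workaround "enable security when registering a channel" next to the unsecured default it replaces, as an added example that is not part of the briefing or of Microsoft's documentation: .NET Remoting is usable from Windows PowerShell because it is the full .NET Framework, so the same TcpChannel properties a C# service would set can be shown and audited here. Port numbers and channel names are arbitrary choices for the demonstration; the property names (secure, protectionLevel, impersonationLevel) and the ensureSecurity flag are the framework's.

```powershell
# Added example, not from the bulletin. Requires Windows PowerShell (full .NET Framework);
# .NET Remoting does not exist in .NET Core. Ports and channel names are arbitrary.

Add-Type -AssemblyName System.Runtime.Remoting

# Weak form: a plain TcpChannel accepts messages from any client that can reach the port,
# which is the exposure CVE-2014-1806 needs.
function Register-UnsecuredTcpChannel {
    param([int]$Port = 8085)
    $props   = @{ name = 'tcp-open'; port = $Port }
    $channel = New-Object System.Runtime.Remoting.Channels.Tcp.TcpChannel($props, $null, $null)
    [System.Runtime.Remoting.Channels.ChannelServices]::RegisterChannel($channel, $false)
    $channel
}

# Hardened form: secure=true requires Windows authentication (NTLM/Kerberos) on the channel,
# protectionLevel signs and encrypts the stream, and ensureSecurity=$true makes RegisterChannel
# throw rather than silently registering a channel that turned out to be unsecured.
function Register-SecuredTcpChannel {
    param([int]$Port = 8086)
    $props = @{
        name               = 'tcp-secure'
        port               = $Port
        secure             = $true
        protectionLevel    = 'EncryptAndSign'
        impersonationLevel = 'Identification'   # server learns who called, cannot act as them
    }
    $channel = New-Object System.Runtime.Remoting.Channels.Tcp.TcpChannel($props, $null, $null)
    [System.Runtime.Remoting.Channels.ChannelServices]::RegisterChannel($channel, $true)
    $channel
}

# Audit: which channels registered in this process are secured?
function Get-RemotingChannelSecurity {
    foreach ($c in [System.Runtime.Remoting.Channels.ChannelServices]::RegisteredChannels) {
        [pscustomobject]@{
            Name      = $c.ChannelName
            Type      = $c.GetType().Name
            IsSecured = if ($c -is [System.Runtime.Remoting.Channels.ISecurableChannel]) { $c.IsSecured } else { $null }
        }
    }
}

$null = Register-UnsecuredTcpChannel
$null = Register-SecuredTcpChannel
Get-RemotingChannelSecurity | Format-Table -AutoSize
```

In a real service the same properties go into the application configuration file's channel element, and the audit function is the useful part: run it inside the process (or read its config) to confirm that no channel is registered without secure="true" before relying on the "not accessible to anonymous clients" mitigation.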

Slide 14

MS14-027: Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)

Affected Software
• Windows Server 2003
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows 8 and 8.1
• Windows Server 2012 and 2012 R2
• Windows RT and RT 8.1

Severity | Important
Deployment Priority | 2
Update Replacement | MS10-007, MS12-048
More Information and/or Known Issues | None
Restart Requirement | A restart is required
Uninstall Support | Use Add or Remove Programs in Control Panel

Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
Yes | Yes | Yes | Yes | Yes | Yes
Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.

Slide 15

MS14-027: Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)

Vulnerability Details
• An elevation of privilege vulnerability exists when the Windows Shell improperly handles file associations. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the Local System account. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-1807 | Important | Elevation of Privilege | 1 | 1 | * | No | Yes | None

Attack Vectors
• To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to elevate privileges.

Mitigations
• An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Workarounds
• Microsoft has not identified any workarounds for this vulnerability.

Slide 16

MS14-028: Vulnerabilities in iSCSI Could Allow Denial of Service (2962485)

Affected Software
• Windows Server 2008 x86, x64
• Windows Server 2008 R2 x64
• Windows Server 2012 and 2012 R2

Severity | Important
Deployment Priority | 3
Update Replacement | None
More Information and/or Known Issues | No security update available for Windows Storage Server 2008 (see note)
Restart Requirement | A restart may be required
Uninstall Support | Use Add or Remove Programs in Control Panel

Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
Yes | Yes | Yes | Yes | Yes | Yes
Note: The architecture to properly support the fix provided in the update does not exist on Windows Storage Server 2008 systems, making it infeasible to build the fix for Windows Storage Server 2008.

Slide 17

MS14-028: Vulnerabilities in iSCSI Could Allow Denial of Service (2962485)

Vulnerability Details
• Two denial of service vulnerabilities exist in the way that affected operating systems handle iSCSI packets or connections. An attacker who successfully exploited a vulnerability could cause the affected service or services to stop responding.

CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-0255 | Important | Denial of Service | 3 | 3 | T | No | No | None
CVE-2014-0256 | Important | Denial of Service | 3 | 3 | T | No | No | None

Attack Vectors
• An attacker could exploit the vulnerabilities by creating a large number of specially crafted iSCSI packets and sending them to affected systems over a network.

Mitigations
• These vulnerabilities only affect servers on which the iSCSI target role has been enabled. By default, the iSCSI target role is not enabled on any of these operating systems.

Workarounds
• Limit the attack surface from untrusted networks by placing iSCSI on its own isolated network, separate from any network on which Internet traffic flows.
• Configure your firewall to restrict access to TCP port 3260 to authorized iSCSI client IP addresses.
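The mitigation check (is the target role even enabled?) and the second workaround (scope TCP 3260 to authorized initiators) from PowerShell, as an added example that is not part of the briefing. It assumes Windows Server 2012 or later for Get-WindowsFeature and the NetSecurity cmdlets; on Windows Server 2008 R2 the target is the separate iSCSI Software Target 3.3 package, so the service check is the part that applies there. The rule name and function names are mine.

```powershell
# Added example, not from the bulletin. Assumes Windows Server 2012+ (ServerManager and
# NetSecurity modules). Function and rule names are assumptions.

function Test-IscsiTargetExposure {
    $role   = Get-WindowsFeature -Name FS-iSCSITarget-Server -ErrorAction SilentlyContinue
    $svc    = Get-Service -Name WinTarget -ErrorAction SilentlyContinue   # Microsoft iSCSI Software Target
    $listen = Get-NetTCPConnection -LocalPort 3260 -State Listen -ErrorAction SilentlyContinue
    [pscustomobject]@{
        TargetRoleInstalled = [bool]($role -and $role.Installed)
        TargetServiceState  = if ($svc) { $svc.Status.ToString() } else { 'absent' }
        ListeningOn3260     = [bool]$listen
        # Enabled inbound rules that currently admit traffic to 3260
        InboundAllowRules   = @(
            Get-NetFirewallPortFilter -ErrorAction SilentlyContinue |
                Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq '3260' } |
                Get-NetFirewallRule |
                Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' } |
                ForEach-Object { "$($_.DisplayName) [$(($_ | Get-NetFirewallAddressFilter).RemoteAddress)]" }
        )
    }
}

# Replace broad 3260 allow rules with one scoped to the initiators that should reach this target.
# Windows Firewall drops unmatched inbound traffic by default, so no explicit block rule is
# needed; an explicit block would in fact override the allow, because block rules win.
function Set-IscsiTargetFirewallScope {
    param([Parameter(Mandatory)][string[]]$AuthorizedInitiators)   # e.g. '10.20.30.0/24', '10.20.31.7'
    $name = 'iSCSI Target (TCP 3260) - authorized initiators only'
    Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq '3260' } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        Disable-NetFirewallRule
    Remove-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP -LocalPort 3260 `
        -RemoteAddress $AuthorizedInitiators -Action Allow -Profile Any | Out-Null
    Test-IscsiTargetExposure
}

Test-IscsiTargetExposure | Format-List
```

If TargetRoleInstalled is False and nothing listens on 3260, the server is not exposed and the update is priority 3 housekeeping; if it is True, run Set-IscsiTargetFirewallScope with the initiator addresses from your storage network and confirm InboundAllowRules afterwards lists only the scoped rule.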

Slide 18

MS14-029: Security Update for Internet Explorer (2962482)

Affected Software
• Internet Explorer 6 on Windows Server 2003
• Internet Explorer 7 on Windows Server 2003, Windows Vista, and Windows Server 2008
• Internet Explorer 8 on Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
• Internet Explorer 9 on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
• Internet Explorer 10 on Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT
• Internet Explorer 11 on Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1

Severity | Critical
Deployment Priority | 1
Update Replacement | MS14-021
More Information and/or Known Issues | Not a cumulative update; requires MS14-018 on most platforms
Restart Requirement | A restart is required
Uninstall Support | Use Add or Remove Programs in Control Panel

Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
Yes | Yes | Yes | Yes | Yes | Yes
Note: This update includes the fix for CVE-2014-1776, first addressed by the MS14-021 out-of-band security update on May 1.

Slide 19

MS14-029: Security Update for Internet Explorer (2962482)

Vulnerability Details
• Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

CVE | Severity | Impact | XI Latest | XI Legacy | XI DoS | Public | Exploited | Advisory
CVE-2014-0310 | Critical | Remote Code Execution | 1 | 1 | * | No | No | None
CVE-2014-1815 | Critical | Remote Code Execution | 1 | 1 | * | No | Yes | None

Attack Vectors
• The attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site.
• The attacker takes advantage of compromised websites and/or sites hosting ads from other providers.

Mitigations
• An attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. There is no way for an attacker to force a user to view malicious content.
• Exploitation only gains the same user rights as the logged-on account.
• By default, all Microsoft email clients open HTML email messages in the Restricted Sites zone.
• By default, Internet Explorer runs in a restricted mode on all Windows Servers.

Workarounds
• Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones.
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zones.
• Add sites that you trust to the Internet Explorer Trusted sites zone.
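The three workarounds above applied through the per-user Internet Explorer zone settings in the registry, as an added example that is not part of the briefing: these are the same values the Internet Options dialog writes (zone 1 = Local intranet, 3 = Internet; action 1400 = Active scripting, 1200 = Run ActiveX controls and plug-ins; value 0 = enable, 1 = prompt, 3 = disable), and the ZoneMap\Domains key is where Trusted sites membership lives. Function names and the example trusted domain are mine; write the same values under HKLM to affect every user on the machine, and note that zones managed by Group Policy override what is set here.

```powershell
# Added example, not from the bulletin. Applies the MS14-029 zone workarounds for the current
# user. Function names and the sample domain are assumptions; IE reads the values at its next
# zone evaluation, so restart the browser afterwards.

$ZonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ZoneMap  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

function Set-IEZoneAction {
    param(
        [ValidateSet(1, 3)][int]$Zone,                  # 1 = Local intranet, 3 = Internet
        [ValidateSet('1400', '1200')][string]$Action,   # 1400 = Active scripting, 1200 = Run ActiveX
        [ValidateSet(0, 1, 3)][int]$Value               # 0 = enable, 1 = prompt, 3 = disable
    )
    $key = Join-Path $ZonesKey $Zone
    Set-ItemProperty -Path $key -Name $Action -Value $Value -Type DWord
    [pscustomobject]@{
        Zone   = $Zone
        Action = $Action
        Value  = (Get-ItemProperty -Path $key -Name $Action).$Action
    }
}

# Workarounds 1 and 2: prompt for (1) or disable (3, the effect of "High") Active Scripting
# and ActiveX in the Internet and Local intranet zones.
function Protect-IEZones {
    param([ValidateSet(1, 3)][int]$Setting = 1)
    foreach ($zone in 1, 3) {
        foreach ($action in '1400', '1200') {
            Set-IEZoneAction -Zone $zone -Action $action -Value $Setting
        }
    }
}

# Workaround 3: sites that must keep scripting go to Trusted sites (zone 2), which keeps its
# own, unchanged settings. Prefer https so a spoofed plain-http host cannot inherit the trust.
function Add-IETrustedSite {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [ValidateSet('http', 'https')][string]$Scheme = 'https'
    )
    $key = Join-Path $ZoneMap $Domain
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name $Scheme -Value 2 -Type DWord   # 2 = Trusted sites
    Get-ItemProperty -Path $key | Select-Object PSChildName, $Scheme
}

Protect-IEZones -Setting 1 | Format-Table -AutoSize
Add-IETrustedSite -Domain 'intranet.example.com' -Scheme https
```

Prompting (1) keeps the browser usable while the update is rolled out; disabling (3) is what the "High" template does and will break most sites outside the Trusted zone, so pair it with Add-IETrustedSite for the applications users actually need.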

Slide 20

Security Advisory 2960358: Update for Disabling RC4 in .NET TLS

Executive Summary
Microsoft is announcing the availability of an update for the Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.

Recommendations
Microsoft recommends that customers download and test the update, and deploy it in their environments as soon as possible. The update is available from the Microsoft Download Center. For information on how to manually apply the update, see Microsoft Knowledge Base Article 2960358.

More Information
Microsoft Security Advisory 2960358: https://technet.microsoft.com/library/2960358.aspx
Pre-installation of the 2868725 update, released in November 2013, is a prerequisite for installing the updates addressed in this advisory, with the exception of those updates applying to Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. For more information about the prerequisite update, see Microsoft Knowledge Base Article 2868725.
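A check for the state this advisory leaves behind, as an added example that is not part of the briefing: KB 2960358 describes the manual form of the update as a registry change, the SchUseStrongCrypto value under the .NET Framework v4.0.30319 key (and its Wow6432Node mirror on 64-bit), so the first function reads that, and the second performs a TLS handshake from the .NET stack and reports the negotiated cipher, which is the observable effect. The value name is taken from the KB as I recall it, so verify it against the article; the function names and the test host are my own.

```powershell
# Added example, not from the bulletin. Reads the SchUseStrongCrypto state KB 2960358 documents
# and shows which cipher the .NET TLS client negotiates. Names are assumptions; run elevated
# to use Set-NetStrongCrypto. .NET reads the value at process start, so test in a new process.

$StrongCryptoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'   # 32-bit apps on 64-bit Windows
)

function Get-NetStrongCryptoState {
    foreach ($key in $StrongCryptoKeys) {
        $value = $null
        if (Test-Path -Path $key) {
            $value = (Get-ItemProperty -Path $key -Name SchUseStrongCrypto -ErrorAction SilentlyContinue).SchUseStrongCrypto
        }
        [pscustomobject]@{
            Key                = $key
            SchUseStrongCrypto = $value
            Rc4DisabledForNet  = ($value -eq 1)
        }
    }
}

# The manual equivalent of installing the update.
function Set-NetStrongCrypto {
    foreach ($key in $StrongCryptoKeys) {
        if (Test-Path -Path $key) {
            New-ItemProperty -Path $key -Name SchUseStrongCrypto -PropertyType DWord -Value 1 -Force | Out-Null
        }
    }
    Get-NetStrongCryptoState
}

# Handshake with the .NET client and report what was negotiated; 'Rc4' in Cipher means the
# client in this process still accepts RC4 from that server.
function Test-NetTlsCipher {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    $ssl    = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
    try {
        $ssl.AuthenticateAsClient($HostName)
        [pscustomobject]@{
            Host     = $HostName
            Protocol = $ssl.SslProtocol
            Cipher   = $ssl.CipherAlgorithm
            KeyBits  = $ssl.CipherStrength
            Hash     = $ssl.HashAlgorithm
        }
    } finally {
        $ssl.Dispose()
        $client.Close()
    }
}

Get-NetStrongCryptoState | Format-Table -AutoSize
Test-NetTlsCipher -HostName 'www.microsoft.com' | Format-List
```

The handshake test is only conclusive against a server that prefers RC4: a server that picks AES first will show AES whether or not the client still offers RC4, so use it against the internal service you are worried about, not a public site.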

Slide 21

Security Advisory 2962824: Update Rollup of Revoked Non-Compliant UEFI Modules

Executive Summary
With this advisory, Microsoft is revoking the digital signature for one private, third-party UEFI (Unified Extensible Firmware Interface) module that could be loaded during UEFI Secure Boot. When the update is applied, the affected UEFI module will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI module is a specific Microsoft-signed module that is not in compliance with our certification program and is being revoked at the request of the author.

Microsoft is not aware of any misuse of the affected UEFI module. Microsoft is proactively revoking this non-compliant module as part of ongoing efforts to protect customers. This action only affects systems running Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2 that are capable of UEFI Secure Boot, where the system is configured to boot via UEFI and Secure Boot is enabled. There is no action on systems that do not support UEFI Secure Boot or where it is disabled.

Recommendations
Microsoft recommends that customers apply the update at the earliest opportunity after ensuring that their systems are not using any of the affected UEFI modules. The update is available through Microsoft Update. In addition, the update is available on the Download Center as well as the Microsoft Update Catalog for Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.

More Information
Warning: Customers who apply this update on a system that is using one of the affected UEFI modules risk putting the system into a non-bootable state. Microsoft recommends that all customers apply this update after ensuring they are running up-to-date UEFI modules. Customers concerned that they may be using an affected UEFI module should consult the "What does this update do?" and "What revoked digital signatures are addressed by this Update Rollup of Revoked Non-compliant UEFI modules?" advisory FAQs for information on affected UEFI modules.

Microsoft Security Advisory 2962824: https://technet.microsoft.com/library/2962824.aspx

Page 22: Monthly Security Bulletin Briefing - Microsoft€¦ · Bulletin Briefing May 2014 Customer Version CSS Security Worldwide Programs ... • Microsoft Project Server 2013 and Microsoft

CSS Security Worldwide Programs Slide 22

Update to Improve Credentials Protection and Management (2871997) Security

Advisory

Executive Summary

Microsoft is announcing the availability of an update for supported editions of Windows 8 for 32-bit Systems, Windows 8 for x64-based Systems, Windows RT, Windows Server 2012, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems that improves credential protection and domain authentication controls to reduce credential theft. This update provides additional protection for the Local Security Authority (LSA), adds a restricted admin mode for the Credential Security Support Provider (CredSSP), introduces support for a protected-account restricted domain user category, and enforces stricter authentication policies for Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 machines acting as clients.

Recommendations

Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

More Information

Microsoft Security Advisory 2871997

https://technet.microsoft.com/library/2871997.aspx


CSS Security Worldwide Programs Slide 23

Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801) - Rereleased Security Advisory

What Has Changed?

Microsoft updated this advisory to announce the availability of a new update for Adobe Flash Player. On May 13, 2014, Microsoft released an update (KB2957151) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security Bulletin APSB14-14. For more information about this update, including download links, see Microsoft Knowledge Base Article 2957151.

Executive Summary

Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.

Recommendations

Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update.

More Information

http://technet.microsoft.com/library/2755801


CSS Security Worldwide Programs Slide 24

Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update, May 2014 - Update for Windows 8.1

Executive Summary

Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update is a cumulative update that includes all previously released security updates and nonsecurity updates. In addition to previous updates, it includes improvements such as improved Internet Explorer 11 compatibility for enterprise applications, usability improvements, extended mobile device management, and improved hardware support. Additionally, this update enables Windows Server 2012 to support clustering configurations for hosts.

Important: All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require this update to be installed. We recommend that you install this update on your Windows RT 8.1, Windows 8.1, or Windows Server 2012 R2-based computer in order to receive continued future updates.

Recommendations

This update is provided as an important update. If you select the "Install updates automatically (recommended)" Windows Update setting, this update is installed automatically. If you select other Windows Update settings, we highly recommend that you install this update through Windows Update immediately.

Important: For the months of May through August, any update applicable to Windows 8.1/Server 2012 R2 will have two packages: one for systems that have 2919355 installed and one for systems without 2919355.

More Information

Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update, May 2014

http://support.microsoft.com/kb/2919355

Information for IT Professionals

http://blogs.windows.com/windows/b/springboard/archive/2014/04/02/windows-8-1-update-the-it-pro-perspective.aspx

http://blogs.windows.com/windows/b/springboard/archive/2014/04/16/windows-8-1-update-and-wsus-availability-and-adjusted-timeline.aspx


CSS Security Worldwide Programs Slide 25

Security Bulletin Summary May 2014

Bulletin   Bulletin title                                                                    Severity   Priority
MS14-029   Security Update for Internet Explorer                                             Critical   1
MS14-024   Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass   Important  1
MS14-025   Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege      Important  1
MS14-022   Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution  Critical   2
MS14-023   Vulnerabilities in Microsoft Office Could Allow Remote Code Execution             Important  2
MS14-027   Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege         Important  2
MS14-026   Vulnerability in .NET Framework Could Allow Elevation of Privilege                Important  3
MS14-028   Vulnerabilities in iSCSI Could Allow Denial of Service                            Important  3


Appendix

CSS Security Worldwide Programs


CSS Security Worldwide Programs Slide 27

MSRT Changes, Tools, and Public Security Bulletin Webcast - Related Resources

Malicious Software Removal Tool (MSRT)

• Win32/Miuref - This family of threats can redirect your web browser to show you ads or download other malware.

• Win32/Filcout - This application, sometimes referred to as FileScout, is used to help you find programs to run unknown files; however, it is also known to install variants of the Win32/Sefnit family without your knowledge.

Additional Malware Removal Tools

Microsoft Safety Scanner

• Same basic engine as the MSRT, but with a full set of A/V signatures.

Windows Defender Offline

• An offline bootable A/V tool with a full set of signatures.

• Designed to remove rootkits and other advanced malware that can't always be detected by

antimalware programs.

• Requires you to download an ISO file and burn a CD, DVD, or USB flash drive.

Public Webcast

Information About Microsoft's Security Bulletins

Wednesday, May 14, 2014, 11:00 A.M. Pacific Time (US & Canada)

Register at: https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032572979

Microsoft Security Blogs

Microsoft Security Response Center Blog: http://blogs.technet.com/msrc

Microsoft Security Research Defense Blog: http://blogs.technet.com/srd

Microsoft Malware Protection Center Blog: http://blogs.technet.com/mmpc

Microsoft Security Development Lifecycle Blog: http://blogs.technet.com/sdl


CSS Security Worldwide Programs Slide 28

Detection & Deployment (Manageability Tools) - Reference, May 2014

Bulletin   Windows Update (1)   Microsoft Update (1)   MBSA (2)   WSUS   SMS ITMU   SCCM
MS14-022   No                   Yes                    Yes        Yes    Yes        Yes
MS14-023   No                   Yes                    Yes        Yes    Yes        Yes
MS14-024   No                   Yes                    Yes        Yes    Yes        Yes
MS14-025   No                   No                     Yes        Yes    Yes        Yes
MS14-026   Yes                  Yes                    Yes        Yes    Yes        Yes
MS14-027   Yes                  Yes                    Yes        Yes    Yes        Yes
MS14-028   Yes                  Yes                    Yes        Yes    Yes        Yes
MS14-029   Yes                  Yes                    Yes        Yes    Yes        Yes

1. Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.

2. Microsoft Baseline Security Analyzer (MBSA) v2.3 now supports Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2.


CSS Security Worldwide Programs Slide 30

Public Security Bulletin Resource Links - Resources

Monthly Bulletin Links

• Microsoft Security Bulletin Summary for May 2014

https://technet.microsoft.com/library/ms14-may.aspx

• Security Bulletin Search

http://technet.microsoft.com/security/bulletin

• Security Advisories

http://technet.microsoft.com/security/advisory

• Microsoft Technical Security Notifications

http://technet.microsoft.com/security/dd252948.aspx

Supplemental Security Reference Articles

• Detailed Bulletin Information Spreadsheet

http://go.microsoft.com/fwlink/?LinkID=245778

• Security Tools for IT Pros

http://technet.microsoft.com/en-us/security/cc297183

• KB894199 Description of Software Update Services and Windows Server Update Services changes in content

http://support.microsoft.com/kb/894199

• The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software

http://support.microsoft.com/kb/890830


CSS Security Worldwide Programs Slide 31

MS14-025 and MS14-029 Known Issues

MS14-025: KB2962486, 2928120

• Additional Action Required: It is important to note that the update does not remove any existing GPOs that were configured prior to the application of this security update. Customers with existing GPOs that were configured using the identified Group Policy preferences should remove this risk from their domain environment. See Knowledge Base Article 2962486 for more information.

MS14-029: KB2953522, 2961851

• This security update is not a cumulative update; either MS14-018 or MS14-012 (depending on the OS and IE combination) is required. See the table in the bulletin FAQ for details.
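The MS14-025 item above says the update leaves existing GPOs in place, so an administrator still has to find the Group Policy Preference items that store a cpassword attribute in SYSVOL. The following PowerShell is an added example, not code from the briefing or from KB2962486; the SYSVOL path, the sample GPO folder and its XML contents are constructed here.

```powershell
# Added example, not code from the briefing or from KB2962486: list Group Policy
# Preference XML files under a SYSVOL Policies tree that still carry a cpassword
# attribute. MS14-025 stops new passwords being stored this way but leaves existing
# GPOs in place, so an administrator has to find and remove those preference items.
# Assumes read access to SYSVOL (or to an exported copy of the Policies tree).
# Preference item types whose XML can embed a cpassword attribute.
$PreferenceFiles = 'Groups.xml', 'Services.xml', 'ScheduledTasks.xml',
                   'DataSources.xml', 'Drives.xml', 'Printers.xml'
function Find-GppCpassword {
    param([Parameter(Mandatory)][string]$PoliciesPath)
    Get-ChildItem -Path $PoliciesPath -Recurse -File -Include $PreferenceFiles `
                  -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        try   { $xml = [xml](Get-Content -LiteralPath $file.FullName -Raw) }
        catch { Write-Warning "Unreadable XML: $($file.FullName)"; return }
        # Match any element carrying a cpassword attribute, whatever the item type.
        foreach ($node in $xml.SelectNodes('//*[@cpassword]')) {
            [pscustomobject]@{
                # The GPO GUID is the folder name directly under Policies.
                GpoGuid  = (($file.FullName -split '\\Policies\\')[-1] -split '\\')[0]
                File     = $file.FullName
                ItemType = $node.LocalName
                # The account attribute name differs per item type.
                Account  = @($node.userName, $node.accountName, $node.runAs -ne $null)[0]
            }
        }
    }
}
# Constructed sample tree so the scan can run offline: one GPO whose Groups.xml
# carries a cpassword (placeholder text, not a real encrypted value) and a clean
# Drives.xml. Point -PoliciesPath at the real SYSVOL share in production.
$Gpo   = '{00000000-0000-0000-0000-000000000000}'   # placeholder GPO GUID
$Prefs = Join-Path $env:TEMP "gpp-sample\Policies\$Gpo\Machine\Preferences"
New-Item -ItemType Directory -Path "$Prefs\Groups", "$Prefs\Drives" -Force | Out-Null
@'
<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="localadmin">
    <Properties action="U" userName="localadmin" cpassword="PLACEHOLDER-NOT-A-REAL-VALUE"/>
  </User>
</Groups>
'@ | Set-Content -LiteralPath "$Prefs\Groups\Groups.xml"
'<Drives><Drive name="H:"><Properties action="U" path="\\fs\home"/></Drive></Drives>' |
    Set-Content -LiteralPath "$Prefs\Drives\Drives.xml"
Find-GppCpassword -PoliciesPath (Join-Path $env:TEMP 'gpp-sample\Policies') | Format-Table -AutoSize
```

Against the sample tree the scan reports the one Groups.xml item and ignores the clean Drives.xml; each reported GPO should then have the offending preference item removed through the Group Policy Management Console.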


Public Security Bulletin Links - Portuguese (LATAM)

Bulletin Links in Portuguese

• Microsoft Security Bulletin Summary for May 2014

http://technet.microsoft.com/pt-br/security/bulletin/ms14-May

• Security Bulletin Search

http://technet.microsoft.com/pt-br/security/bulletin

• Security Advisories

http://technet.microsoft.com/pt-br/security/advisory

• Microsoft Technical Security Notifications

http://technet.microsoft.com/pt-br/security/dd252948.aspx

Blogs

• Negócios de Risco

http://blogs.technet.com/b/risco/

• MSRC Blog

http://blogs.technet.com/msrc

• SRD Team Blog

http://blogs.technet.com/srd

• MMPC Team Blog

http://blogs.technet.com/mmpc

• MSRC Ecosystem Team Blog

http://blogs.technet.com/ecostrat

Supplemental Security Reference Articles

• Detailed Bulletin Information Spreadsheet

http://go.microsoft.com/fwlink/?LinkID=245778

• Security Tools for IT Pros

http://technet.microsoft.com/pt-br/security/cc297183

• KB894199 Description of Software Update Services and Windows Server Update Services changes in content

http://support.microsoft.com/kb/894199

• The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software

http://support.microsoft.com/kb/890830


Portuguese Webcast - June

GBS Security Worldwide Programs 33

Portuguese Webcast (External) - CUSTOMER WEBCAST https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032575585

12 June 2014

15:30 Brasília time

To receive an invitation to the conference, write to [email protected]