Microsoft Fixed Over 29 Windows Security Vulnerabilities On Patch Tuesday

As part of patch Tuesday updates, Microsoft yesterday fixed over 29 different vulnerabilities in Windows. Microsoft released the following summary that lists security bulletins released for July 2014. With the release of the security bulletins for July 2014, this bulletin summary replaces the bulletin advance notification originally issued July 3, 2014.

Bulletin IDBulletin Title and Executive SummaryMaximum Severity Rating and Vulnerability ImpactRestart RequirementAffected Software
MS14-037Cumulative Security Update for Internet Explorer (2975687)

This security update resolves one publicly disclosed vulnerability and twenty-three privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Critical
Remote Code Execution
Requires restartMicrosoft Windows,
Internet Explorer
MS14-038Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Critical
Remote Code Execution
May require restartMicrosoft Windows
MS14-039Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses a vulnerability in a low integrity process to execute the On-Screen Keyboard (OSK) and upload a specially crafted program to the target system.

Important
Elevation of Privilege
Requires restartMicrosoft Windows
MS14-040Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs onto a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Important
Elevation of Privilege
Requires restartMicrosoft Windows
MS14-041Vulnerability in DirectShow Could Allow Elevation of Privilege (2975681)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker first exploits another vulnerability in a low integrity process and then uses this vulnerability to execute specially crafted code in the context of the logged on user. By default, the modern, immersive browsing experience on Windows 8 and Windows 8.1 runs with Enhanced Protected Mode (EPM). For example, customers using the touch-friendly Internet Explorer 11 browser on modern Windows tablets are using Enhanced Protected Mode by default. Enhanced Protected Mode uses advanced security protections that can help mitigate against exploitation of this vulnerability on 64-bit systems.

Important
Elevation of Privilege
May require restartMicrosoft Windows
MS14-042Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621)

This security update resolves one publicly disclosed vulnerability in Microsoft Service Bus for Windows Server. The vulnerability could allow denial of service if a remote authenticated attacker creates and runs a program that sends a sequence of specially crafted Advanced Message Queuing Protocol (AMQP) messages to the target system. Microsoft Service Bus for Windows Server is not shipped with any Microsoft operating system. For an affected system to be vulnerable Microsoft Service Bus must first be downloaded, installed, and configured, and then its configuration details (farm certificate) shared with other users.
Moderate
Denial of Service
Does not require restartMicrosoft Server Software

Get more info about these from Microsoft here.

via: ZDNet

Some links in the article may not be viewable as you are using an AdBlocker. Please add us to your whitelist to enable the website to function properly.

Related
Comments