Four security bulletins, all rated “important,” are being issued to address six common vulnerabilities and exposures in Microsoft Windows, Office and Dynamics AX, reports Dustin Childs on the Microsoft Security Response Center blog.
The top deployment priority for this month is MS14-002, first described in Security Advisory 2918840, which “allows an attacker to perform an elevation of privilege if they are able to log on to a system and run a specially crafted application,” Childs writes.
“We are aware of targeted attacks using this vulnerability, where attackers attempts to lure someone into opening a specially crafted PDF to access the system. Even when we first saw this, the PDF portion of the attack did not affect those with a fully updated system.”
Microsoft is also re-releasing MS13-081 for Windows 7 and Windows Server 2008 R2. The update “addresses an issue in the original offering that caused the KB2862330update to fail or only partially install on some systems with third-party USB drivers,” Childs writes. “If you are running an affected system, you will be re-offered the new update and we encourage you to install it at the earliest opportunity.”
Microsoft is also revising Security Advisory 2755801 with the latest update for Adobe Flash Player in Internet Explorer. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-02, he says.
Watch the bulletin overview video, above, for a summary of these releases. And, for more information about this month’s security updates, visit the Microsoft Bulletin Summary Web page.
Childs, along with William Peteroy, will host the monthly bulletin webcast at 11 a.m. PT on Wednesday. You can register here to tune in to learn more. To read Childs’ post, and learn more about other planned security updates in the months ahead, visit the Microsoft Security Response Center blog.
You might also be interested in:
Microsoft News Center Staff