Microsoft Patch Tuesday - July
Overview of the July 2014 Microsoft patches and their status.
# | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) | |
---|---|---|---|---|---|---|
clients | servers | |||||
MS14-037 | Cumulative Security Update for Internet Explorer | |||||
Microsoft Windows, Internet Explorer CVE-2014-1763 CVE-2014-1765 CVE-2014-2785 CVE-2014-2786 CVE-2014-2787 CVE-2014-2788 CVE-2014-2789 CVE-2014-2790 CVE-2014-2791 CVE-2014-2792 CVE-2014-2794 CVE-2014-2795 CVE-2014-2797 CVE-2014-2798 CVE-2014-2800 CVE-2014-2801 CVE-2014-2802 CVE-2014-2803 CVE-2014-2804 CVE-2014-2806 CVE-2014-2807 CVE-2014-2809 CVE-2014-2813 CVE-2014-1763 CVE-2014-1765 CVE-2014-2783 CVE-2014-2785 CVE-2014-2786 CVE-2014-2787 CVE-2014-2788 CVE-2014-2789 CVE-2014-2790 CVE-2014-2791 CVE-2014-2792 CVE-2014-2794 CVE-2014-2795 CVE-2014-2797 CVE-2014-2798 CVE-2014-2800 CVE-2014-2801 CVE-2014-2802 CVE-2014-2803 CVE-2014-2804 CVE-2014-2806 CVE-2014-2807 CVE-2014-2809 CVE-2014-2813 |
KB 2975687 | Yes! | Severity:Critical Exploitability: 1 |
Critical | Important | |
MS14-038 | Vulnerability in Windows Journal Could Allow Remote Code Execution | |||||
Microsoft Windows CVE-2014-1824 |
KB 2975689 | No | Severity:Critical Exploitability: 1 |
Critical | Critical | |
MS14-039 | Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege | |||||
Microsoft Windows CVE-2014-2781 |
KB 2975685 | No | Severity:Important Exploitability: 1 |
Important | Important | |
MS14-040 | Vulnerability in Ancillary Function Driver | |||||
Microsoft Windows CVE-2014-1767 |
KB 2975684 | No | Severity:Important Exploitability: 1 |
Important | Important | |
MS14-041 | Vulnerability in DirectShow Could Allow Elevation of Privilege | |||||
Microsoft Windows CVE-2014-2780 |
KB 2975681 | No | Severity:Important Exploitability: 1 |
Important | Important | |
MS14-042 | Vulnerability in Microsoft Service Bus Could Allow Denial of Service | |||||
Microsoft Server Software CVE-2014-2814 |
KB 2972621 | Yes! | Severity:Moderate Exploitability: 1 |
Less Urgent | Less Urgent |
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
- We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urgent: Practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.
--
Alex Stanford - GIAC GWEB,
Research Operations Manager,
SANS Internet Storm Center
Keywords: mspatchday
1 comment(s)
×
Diary Archives
Comments
https://community.flexerasoftware.com/showthread.php?217569-InstallShield-Crashes-and-Microsoft-KB-2962872
Anonymous
Jul 14th 2014
1 decade ago