Patch Management Service Content Update from CTCOMP – April 2014

Four bulletins were released this month which address 11 unique CVEs in Microsoft Windows, Internet Explorer, and Microsoft Office. For those who need to prioritize their deployment planning, Microsoft recommends focusing on the update for Microsoft Word (Security Advisory 2953095) as well as the update for Internet Explorer.

MS14-017 | Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution

This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Word. The most severe of these vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office software. This security update also addresses the vulnerability first described in Microsoft Security Advisory 2953095.

MS14-018 | Cumulative Update for Internet Explorer

This security update resolves six privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. The update for Internet Explorer 11 on Windows 8.1 and Windows Server 2012 R2 is not cumulative – it only addresses the issues described in this bulletin. There is also the option of installing KB2919355, which is a cumulative update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2. In addition to previous updates for these operating systems, it includes enhancements such as improved Internet Explorer 11 compatibility for enterprise applications, usability improvements, extended mobile device management, and improved hardware support.  Similarly, those who are running Internet Explorer 11 on Windows 7 and Windows Server 2008 R2 also can choose a cumulative update: KB2929437. In addition to previous updates for Internet Explorer 11 on these operating systems, it includes enhancements such as improved Internet Explorer 11 compatibility for enterprise applications.

This month also marks the end of support for Windows XP and Office 2003. MS14-018 and MS14-019 will be the final security updates for Windows XP while MS14-017 and MS14-020 are the final updates for Office 2003.

patch-april

(source: Microsoft Security Response Center)

 

April 18, 2014

Update Report on Patches MS14-017 to MS14-020

MS14-017: Deployed via Kaseya and tested successfully for Office 2003, 2007, 2010, 2013.

MS14-018: Deployed via Kaseya and tested successfully for Internet Explorer 7, 8, 9, 11 on Windows 2003, 2008, 7, 2008R2, 8.1, 2012R2.

MS14-019: Deployed via Kaseya and tested successfully on Windows 2003, 2008, 7, 2008R2, 8, 8.1, 2012R2.

MS14-020: Deployed via Kaseya and tested successfully for Office 2007.