Patch Management Service Content Update from CTCOMP – February 2014

Seven bulletins were released this month, four rated Critical and three rated Important, which address 31 unique CVEs in Microsoft Windows, Internet Explorer, .NET Framework, and Forefront Protection for Exchange. For those who need to prioritize their deployment planning, Microsoft recommends focusing on MS14-007, MS14-010, and MS14-011.

MS14-007 | Vulnerability in Direct2D Could Allow Remote Code Execution 
This update addresses a privately reported vulnerability in the Microsoft Windows Direct2D component. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

MS14-010 | Cumulative Security Update for Internet Explorer  
This cumulative update addresses one public and 23 privately disclosed issues in Internet Explorer. An attacker who successfully exploited the most severe of these issues could execute code at the level of the logged on user. Deploying this update will protect users from that scenario.

MS14-011 | Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution 
This update addresses a privately reported vulnerability in the VBScript scripting engine within Microsoft Windows. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

February_Deployment2

 (source: Microsoft Security Response Center)

February 18, 2014

Update Report on Patches MS14-005 to MS14-011

 MS14-005: Deployed via Kaseya and tested successfully on Windows XP, 2003, Vista, 2008, 7, 2008R2, 8, 8.1. You may begin internal testing of this patch.

MS14-006: Deployed via Kaseya and tested successfully on Windows 8. You may begin internal testing of this patch.

MS14-007: Deployed via Kaseya and tested successfully on Windows 7, 2008R2, 8, 8.1. You may begin internal testing of this patch.

MS14-008: * Not Tested * No patch lab or CTComp production machines are currently running Forefront Protection 2010 for Exchange. You may begin internal testing of this patch.

MS14-009: Deployed via Kaseya and tested successfully on Windows XP, 2003, Vista, 2008, 7, 2008R2, 8, 8.1. You may begin internal testing of this patch.

MS14-010: Deployed via Kaseya and tested successfully on Internet Explorer 8, 9, 10, 11. You may begin internal testing of this patch.

MS14-011: Deployed via Kaseya and tested successfully on Windows XP, 2003, Vista, 2008, 7, 2008R2, 8, 8.1. You may begin internal testing of this patch.