Patch Management Service Content Update – January 2014

Four bulletins were released this month, all rated Important, which address 6 unique CVEs in Microsoft Windows, Office, and Dynamics AX. For those who need to prioritize their deployment planning, Microsoft recommends focusing on MS14-002.

MS14-002 | Vulnerability in Windows Kernel Could Allow Elevation of Privilege

This bulletin addresses the issue first described in Security Advisory 2918840, which allows an attacker to perform an elevation of privilege if they are able to log on to a system and run a specially crafted application. Microsoft is aware of targeted attacks using this vulnerability, where attackers attempt to lure someone into opening a specially crafted PDF to access the system.

pm-012014


January 17, 2014

Update Report on Patches MS14-001 to MS14-004

MS14-001: Deployed via Kaseya and tested successfully on Office 2003, 2007, 2010, 2013. You may begin internal testing of this patch.

MS14-002: Deployed via Kaseya and tested successfully on Windows XP, 2003. You may begin internal testing of this patch.

MS14-003: Deployed via Kaseya and tested successfully on Windows 7, 2008R2. You may begin internal testing of this patch.

MS14-004: * Not Tested * No patch lab or CTComp production machines are currently running the affected versions of Dynamics AX. You may begin internal testing of this patch.