Patch Tuesday: Microsoft Security Bulletin Summary for April 2014



Another light Patch Tuesday, with only four bulletins addressing a total of 11 vulnerabilities. This is also the final set of security updates for Microsoft Windows XP and Microsoft Office 2003.

Two are rated as Critical (addressing 9 vulnerabilities) and two are rated as Important.

The Critical security updates address security issues in Microsoft Office, Microsoft SharePoint Server, Microsoft Office Compatibility Pack, Microsoft Word Viewer, Microsoft Office Web Apps and Internet Explorer. The two Important security updates address security issues in Microsoft Publisher and the Microsoft Windows File Handling Component. All of them potentially allow Remote Code Execution.

The Microsoft Word RTF Memory Corruption zero-day vulnerability, CVE-2014-1761, which was exploited in the wild, is patched in bulletin MS14-017. If the ‘Fix it’ from Microsoft Security Advisory 2953095 was applied, it should be removed after applying the update to ensure RTF files open correctly.

 

Microsoft security bulletin summary for April 2014, in order of severity:

MS14-017: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)
Severity Rating: Critical
Affected Software: Microsoft Office, Microsoft Office Compatibility Pack, Microsoft Word Viewer, Microsoft SharePoint Server, Microsoft Office Web Apps.
Impact: Remote Code Execution

MS14-018: Cumulative Security Update for Internet Explorer (2950467)
Severity Rating: Critical
Affected Software: Internet Explorer
Impact: Remote Code Execution

MS14-019: Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)
Severity Rating: Important
Affected Software: Microsoft Windows
Impact: Remote Code Execution

MS14-020: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)
Severity Rating: Important
Affected Software: Microsoft Publisher
Impact: Remote Code Execution

 

April PT 2014 Deployment Priority

Finally, support for Microsoft Windows XP ended on April 8, 2014, and support and updates are no longer available from Microsoft. Windows XP will now be a favorite target for attackers. Microsoft suggests upgrading from Windows XP to Windows 8.1.

Until you upgrade or move to a different operating system, follow the steps below to reduce certain security risks and virus exposure to an extent:
1) Install Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) software.
2) Use a different browser, as Internet Explorer 8 is no longer supported.
3) Install Microsoft’s Malicious Software Removal Tool.
4) Install antivirus software and keep virus definitions up to date.
5) Never click on emails from unknown sources and avoid suspicious websites.

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.

– Veerendra GG