Microsoft Security Bulletin Summary for April 2014

Published : April 08, 2014

Microsoft released 4 new security updates today, as part of their routine monthly security update cycle. Two (2) are rated as Critical and two (2) as important, addressing 11 CVE's in Microsoft Windows, Office and Internet Explorer.

The critically rated update for Microsoft Word addresses the issues described in Microsoft Security Advisory 2953095.

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Critical: 2

• MS14-017 - Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)
• MS14-018 - Cumulative Security Update for Internet Explorer (2950467)

Important: 2

• MS14-019 - Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)
• MS14-020 - Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)

Security Bulletin: http://technet.microsoft.com/en-us/security/bulletin/ms14-apr

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

As per Dustin Childs @ the Microsoft Security Response Center (MSRC):

We would be remiss if we did not mention another end; the end of support for Windows XP and Office 2003. The updates provided by MS14-018 and MS14-019 will be the final security updates for Windows XP; MS14-017 and MS14-020 are the final update for Office 2003. For those who haven't migrated yet, I recommend visiting the Microsoft Security Blog, where my colleague Tim Rains provides guidance for consumers and small businesses who may have questions about how end of support affects them. Enterprise administrators will also find this a worthwhile read.

http://blogs.technet.com/b/msrc/archive/2014/04/08/the-april-2014-security-updates.aspx