Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

Microsoft Security Bulletin Summary for March 2014

by Carol~ Mar 12, 2014 5:58AM PDT
Microsoft Security Bulletin Summary for March 2014

Published : March 11, 2014

Microsoft released 5 new security updates today, as part of their routine monthly security update cycle. Two (2) are rated as Critical and three (3) as important, addressing 23 unique CVE's in Microsoft Windows, Internet Explorer and Silverlight.

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Critical: 2

MS14-012 - Cumulative Security Update for Internet Explorer (292541Cool
MS14-013 - Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)

Important: 3

MS14-015 - Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
MS14-016 - Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (293441Cool
MS14-014 - Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677)

Security Bulletin: http://technet.microsoft.com/en-us/security/bulletin/ms14-mar

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Dustin Childs notes in his overview of the updates (The March 2014 Security Updates) @ the Microsoft Security Response Center (MSRC):

If you need to prioritize, the update for Internet Explorer addresses the issue first described in Security Advisory 2934088, so it should be at the top of your list. While that update does warrant your attention, I want to also call out another impactful update.

MS14-014 provides an update to address a security feature bypass in Silverlight. The issue wasn't publicly known and it isn't under active attack, however it can impact your security in ways that aren't always obvious. Specifically, the update removes an avenue attackers could use to bypass ASLR protections. Fixes like this one increase the cost of exploitation to an attacker, who must now find a different way to make their code execution exploit reliable. Picasso said, "The hidden harmony is better than the obvious" - Shutting down an ASLR bypass could be considered one of the most harmonious things to do to help increase customer security.

Continued here: http://blogs.technet.com/b/msrc/archive/2014/03/11/the-march-2014-security-updates.aspx

Discussion is locked

Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info