20140709: Microsoft released 6 security patches (July 9 security patches)
Hello everyone, we are the security support team of Microsoft Greater China.
Microsoft released six new security bulletins on July 15, July 9, 2014, Beijing time. Two of them are rated Severe, three are rated Important, and one is rated Moderate. Together they fix 29 vulnerabilities in Microsoft Windows, Internet Explorer and Microsoft Server Software. As before, we recommend that you install all updates; for users who can currently deploy only some of the updates, we recommend that you first deploy Security Bulletins MS14-037 and MS14-038, which update Internet Explorer (IE) and Windows Journal.
MS14-037 addresses one publicly disclosed vulnerability and 23 privately reported vulnerabilities in Internet Explorer. The most serious of these may allow remote code execution when a user views a specially crafted webpage in Internet Explorer. To ensure that you have the latest protection when browsing the Internet, you should upgrade IE to the latest version.
MS14-038 addresses a privately reported vulnerability in Microsoft Windows. This vulnerability may allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured with fewer user rights on the system are less affected than users who operate with administrative user rights.
Microsoft also released three new security notices.
Security notice 2871997 | Correction: update to improve credential protection and management
Microsoft released the 2008 update for supported versions of Windows 7, Windows Server 2012 R2, Windows 8, Windows Server 2973351, and Windows RT. For supported versions of Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1, version 2919355 (Windows 8.1 update) has been installed. Microsoft released the 2919355 update for supported versions of Windows 8.1 and Windows Server 8.1 R2 that do not have the 2012 update installed. This update provides configurable registry settings for the Restricted Admin mode of CredSSP.
Security notice 2960358 | Correction: update for disabling RC4 in .NET TLS
Microsoft announced the release of Microsoft .NET Framework updates that disable RC4 in Transport Layer Security (TLS) by modifying the system registry. Using RC4 in TLS may allow attackers to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.
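To check whether a host has the registry change in place, the following audit script is an added example, not part of the original announcement or Microsoft's own tooling. It assumes the `SchUseStrongCrypto` DWORD value and the .NET Framework registry paths associated with this notice, which are not given on this page, and PowerShell 3.0 or later.

```powershell
# Added example: report the SchUseStrongCrypto setting for each installed
# .NET Framework branch, in both the native and the 32-bit registry view.
# Value name and paths are assumptions taken from outside this page.
$views = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework'  # 32-bit view on 64-bit Windows
)
$versions = 'v2.0.50727', 'v4.0.30319'

$report = foreach ($view in $views) {
    foreach ($ver in $versions) {
        $path = Join-Path $view $ver
        # Skip framework branches that are not installed on this host.
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $prop = Get-ItemProperty -LiteralPath $path -Name SchUseStrongCrypto `
                    -ErrorAction SilentlyContinue
        $value = if ($prop) { $prop.SchUseStrongCrypto } else { $null }

        [pscustomobject]@{
            Path               = $path
            SchUseStrongCrypto = if ($null -eq $value) { '(not set)' } else { $value }
            # True only when the value is explicitly 1. When it is absent, the
            # framework default applies, which depends on the installed version.
            StrongCryptoSet    = ($value -eq 1)
        }
    }
}

$report | Format-Table -AutoSize

# Flag every branch where strong crypto is not explicitly enabled.
$missing = @($report | Where-Object { -not $_.StrongCryptoSet })
if ($missing.Count -gt 0) {
    Write-Warning ("{0} .NET registry branch(es) do not set SchUseStrongCrypto=1" -f $missing.Count)
}
```

Both registry views are checked because 32-bit and 64-bit .NET applications on the same machine read the setting from different keys.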
Security notice 2755801 | Correction: update for vulnerabilities in Adobe Flash Player in Internet Explorer
Microsoft released an update (2012) for Internet Explorer 10 on Windows 8, Windows Server 8.1, and Windows RT, and Internet Explorer 11 on Windows 2012, Windows Server 8.1 R2, and Windows RT 2974008). The update addresses the vulnerability described in the Adobe Security Bulletin APSB14-17.
The following table lists the security bulletins for this month (sorted by severity).

| Announcement ID | Announcement title and summary | Highest severity level and vulnerability impact | Restart requirements | Affected Software |
|---|---|---|---|---|
| MS14-037 | Cumulative Security Update for Internet Explorer (2975687). This security update resolves one publicly disclosed vulnerability and 23 privately reported vulnerabilities in Internet Explorer. The most serious of these may allow remote code execution when a user views a specially crafted webpage in Internet Explorer. Attackers who successfully exploit these vulnerabilities can obtain the same user rights as the current user. Users whose accounts are configured with fewer user rights on the system are less affected than users who operate with administrative user rights. | Severe, Remote Code Execution | Restart required | Microsoft Windows, Internet Explorer |
| MS14-038 | Vulnerability in Windows Journal may allow remote code execution (2975689). This security update resolves a privately reported vulnerability in Microsoft Windows. This vulnerability may allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured with fewer user rights on the system are less affected than users who operate with administrative user rights. | Severe, Remote Code Execution | May require restart | Microsoft Windows |
| MS14-039 | Vulnerability in On-Screen Keyboard may allow Elevation of Privilege (2975685). This security update resolves a privately reported vulnerability in Microsoft Windows. If an attacker uses a vulnerability in a low-integrity process to execute the On-Screen Keyboard (OSK) and upload a specially crafted program to the target system, the vulnerability may allow Elevation of Privilege. | Important, Privilege Escalation | Restart required | Microsoft Windows |
| MS14-040 | Vulnerability in Ancillary Function Driver (AFD) may allow Elevation of Privilege (2975684). This security update resolves a privately reported vulnerability in Microsoft Windows. If an attacker logs on to the system and runs a specially crafted application, this vulnerability may allow Elevation of Privilege. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. | Important, Privilege Escalation | Restart required | Microsoft Windows |
| MS14-041 | Vulnerability in DirectShow may allow Elevation of Privilege. This security update resolves a privately reported vulnerability in Microsoft Windows. If an attacker first exploits another vulnerability in a low-integrity process and then uses this vulnerability to execute specially crafted code in the context of the logged-on user, the vulnerability may allow Elevation of Privilege. By default, the modern immersive browsing experience on Windows 8 and Windows 8.1 runs in Enhanced Protected Mode (EPM). For example, customers who use the touch-friendly Internet Explorer 11 browser on modern Windows tablets use Enhanced Protected Mode by default. Enhanced Protected Mode uses advanced security protections that help mitigate this vulnerability on 64-bit systems. | Important, Privilege Escalation | May require restart | Microsoft Windows |
| MS14-042 | Vulnerability in Microsoft Service Bus may allow Denial of Service (2972621). This security update addresses a publicly disclosed vulnerability in Microsoft Service Bus for Windows Server. If an authenticated remote attacker creates and runs a program that sends a series of specially crafted Advanced Message Queuing Protocol (AMQP) messages to the target system, the vulnerability may allow denial of service. Microsoft Service Bus for Windows Server is not shipped with any Microsoft operating system. For a system to be vulnerable, Microsoft Service Bus must first be downloaded, installed, and configured, and its configuration details (the farm certificate) must then be shared with other users. | Moderate, Denial of Service | No restart required | Microsoft Server Software |
Microsoft will host a webcast at eleven o'clock A.M., January 1, July 9, 2014 (US and Canada Pacific time) to answer your questions about these announcements. Register now to listen to the July security announcement webcast.
For details, refer to the summary of the Security Announcement on April 1:
https://technet.microsoft.com/library/security/ms14-jul
Microsoft Security Response Center blog article (English):
http://blogs.technet.com/b/msrc/archive/2014/07/08/july-2014-security-bulletin-release.aspx
Microsoft Greater China Security Support Team
Which is the ID of the vulnerability in the plug-and-play?
MS05-039 No.
Name: The plug-and-play vulnerability may allow remote code execution and privilege elevation.
KB No.: 899588
Level: severe
This update eliminates a newly discovered, privately reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP). Successful exploits allow attackers to completely control the affected system. Attackers can then install programs, view, change, or delete data, or create new accounts with full user permissions. This vulnerability is described in the vulnerability details section of this announcement.
We recommend that you install the update immediately.
Db.kingsoft.com/...shtml