20140812. Microsoft released nine security patches in August 12

20140812. Microsoft released nine security patches in August 12

Hello everyone, we are the security support team of Microsoft Greater China.

Microsoft released nine new security bulletins on July 15, August 12, 2014, Beijing time. Two of them are severity levels and seven are critical levels. A total of SQL Server, OneNote, SharePoint, and ,.. NET, Windows, and Internet Explorer (IE) vulnerabilities. As in the past, we recommend that you install all updates, we recommend that you first deploy the Security Bulletin MS14-051, MS14-043, and MS14-048 to update Internet Explorer, Media Center, and One Note.

The MS14-051 addresses a publicly disclosed vulnerability in Internet Explorer and a vulnerability reported by 25 secrets. The most serious vulnerability may allow remote code execution when users use Internet Explorer to view specially crafted webpages. Attackers who successfully exploit these vulnerabilities can obtain the same user permissions as the current user.

The MS14-043 addresses a secret report vulnerability in Microsoft Windows. This vulnerability may allow remote code execution if you open a Microsoft Office file that can be used to access Windows Media Center resources. Attackers who successfully exploit this vulnerability can obtain the same user permissions as the current user.

The MS14-048 addresses a secret report vulnerability in Microsoft OneNote. If a special file is opened in an affected version of Microsoft OneNote, this vulnerability may allow remote code execution. Attackers who successfully exploit this vulnerability can obtain the same user permissions as the current user.

Microsoft also released a new security bulletin:

Security Bulletin MS14-036| Vulnerabilities in components may allow remote code execution

This security update addresses two private reports in Microsoft Windows, Microsoft Office, and Microsoft Lync. If you open a special file or webpage, the vulnerability may allow remote code execution. Users with fewer system user permissions configured for accounts are less affected than users with administrative user permissions. Microsoft re-publishes this announcement to announce the provision of update 2010 on Microsoft Office 2010 Service Pack 1 and Microsoft Office 2881071 Service Pack 2.

Microsoft also released a new security bulletin:

Security notice 2755801| Vulnerability updates in Adobe Flash Player in Internet Explorer

Microsoft announced the release of Adobe Flash Player Updates for supported versions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 on Internet Explorer. This update resolves the vulnerability by updating the affected Adobe Flash library contained in Internet Explorer 10 and Internet Explorer 11. August 12, 2014, microsoft released an update (2012) for Internet Explorer 10 on Windows 8, Windows Server 8.1, and Windows RT, and Internet Explorer 11 on Windows 2012, Windows Server 8.1 R2, and Windows RT 2982794). The update addresses the vulnerability described in the Adobe Security Bulletin APSB14-18.

The following table lists the security bulletins for this month (sorted by severity)

Announcement ID	Announcement title and summary	Highest severity level and vulnerability impact	Restart requirements	Affected Software
MS14-051	Accumulative Security Update of Internet Explorer (2976627) This security update addresses a public vulnerability in Internet Explorer and 25 secret reporting vulnerabilities. The most serious vulnerability may allow remote code execution when users use Internet Explorer to view specially crafted webpages. Attackers who successfully exploit these vulnerabilities can obtain the same user permissions as the current user. Those Users whose accounts are configured with less system user permissions are less affected than those who have user management permissions.	Severe	Restart required	Microsoft Windows,
MS14-043	Vulnerabilities in Windows Media Center may allow remote code execution (2978742)	Severe	May require restart	Microsoft Windows
MS14-048	OneNote vulnerabilities may allow remote code execution (2977201)	Important	May require restart	Microsoft Office
MS14-044	Vulnerabilities in SQL Server may allow Elevation of Privilege (2984340)	Important	May require restart	Microsoft SQL Server
MS14-045	Vulnerabilities in kernel-mode drivers may allow Elevation of Privilege (2984615) If attackers log on to the system and run special applications, the most serious vulnerability may allow Elevation of Privilege. Attackers must have valid logon creden。 and be able to log on locally to exploit these vulnerabilities.	Important	Restart required	Microsoft Windows
MS14-049	Vulnerabilities in the Windows Installer Service may allow Elevation of Privilege (2962490)	Important	May require restart	Microsoft Windows
MS14-050	Vulnerabilities in Microsoft SharePoint Server may allow Elevation of Privilege (2977202)	Important	May require restart	Microsoft Server Software
MS14-046	. NET Framework vulnerabilities may allow bypassing the security feature (2984625)	Important	May require restart	Microsoft Windows,
MS14-047	Vulnerabilities in LRPC may allow security bypass (2978668)	Important	Restart required	Microsoft Windows

Microsoft will broadcast a network at eleven o'clock A.M., January 1, August 13, 2014 (US and Canada Pacific time) to answer your questions about these announcements. Register now and apply to listen to the security announcement network broadcast in July.

For details, refer to the summary of the Security Announcement on April 1:

Https://technet.microsoft.com/en-us/library/security/ms14-aug

Microsoft Security response center blog article (English ):

Http://blogs.technet.com/ B /msrc/archive/2014/08/12/august-2014-security-updates.aspx

Microsoft Greater China Security Support Team