The software released the Security Bulletin on July 15, July 2014 on time. It mainly Fixed Multiple Security Vulnerabilities (up to 29 in total) in IE browser and Windows Components ). Including remote code execution, Elevation of Privilege, and denial of service. Server Security dogs have also pushed these patches. To prevent hackers from exploiting the latest vulnerabilities, we recommend that you fix them in time to prevent hacker intrusion!
The following is a summary of July 2014 security vulnerabilities:
1. MS14-038: vulnerabilities in Windows diaries may allow remote code execution (kb2971850)
Description: This security update resolves a secret report vulnerability in Microsoft Windows. This vulnerability may allow remote code execution if you open a specially crafted diary file. Users with fewer system user permissions configured for accounts are less affected than users with administrative user permissions.
2. MS14-037: Internet Explorer Cumulative Security Update (kb2962872)
Description: This security update resolves a public vulnerability in Internet Explorer and a vulnerability reported by 23 secrets. The most serious vulnerability may allow remote code execution when users use Internet Explorer to view specially crafted webpages. Attackers who successfully exploit these vulnerabilities can obtain the same user permissions as the current user. Those Users whose accounts are configured with less system user permissions are less affected than those who have user management permissions.
3. MS14-039: vulnerabilities in the keyboard may allow Elevation of Privilege (kb2973201)
Description: This security update resolves a secret report vulnerability in Microsoft Windows. If an attacker uses a vulnerability in a low-integrity process to execute an on-screen keyboard (osk) and upload a special program to the target system, the vulnerability may allow Elevation of Privilege.
4. MS14-040: vulnerabilities in helper drivers (AFD) May Allow Elevation of Privilege (kb2961072)
Description: This security update resolves a secret report vulnerability in Microsoft Windows. If attackers log on to the system and run special applications, this vulnerability may allow Elevation of Privilege. Attackers must have valid logon creden。 and can log on locally to exploit this vulnerability.
5. MS14-041: vulnerabilities in DirectShow may allow Elevation of Privilege (kb2972280)
Description: This security update resolves a secret report vulnerability in Microsoft Windows. If an attacker first exploits another vulnerability in a low-integrity process and then uses this vulnerability to execute specially crafted code in the logon user context, the vulnerability may allow Elevation of Privilege.
The security update also includes MS14-042: vulnerabilities in Microsoft service bus that may allow denial of service (2972621)
This security update addresses a public disclosure vulnerability in Microsoft Service Bus for Windows Server. If an authenticated remote attacker creates and runs a program to send a series of specially crafted Advanced Message Queue Service protocol (amqp) messages to the target system, the vulnerability may allow dos.
For more information about Windows security vulnerabilities in July, refer to Microsoft Security Bulletin: https://technet.microsoft.com/library/security/ms14-jul