Feed aggregator

Microsoft Security Bulletin MS14-016 - Important: Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418) - Version: 1.1

Microsoft Security Notifications - Mon, 05/19/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.1 (May 20, 2014): Clarified in the vulnerability FAQ what systems are primarily at risk for CVE-2014-0317. Added Update FAQ to explain why users running Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 might not be offered the update. These are informational changes only.
Summary: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker makes multiple attempts to match passwords to a username.
Categories: Security Alerts

Microsoft Security Bulletin MS14-018 - Critical: Cumulative Security Update for Internet Explorer (2950467) - Version: 1.1

Microsoft Security Notifications - Wed, 04/16/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.1 (April 17, 2014): Revised bulletin to help clarify that although Internet Explorer 10 is not affected by the vulnerabilities described in this bulletin, an update is available for Internet Explorer 10 that includes non-security updates. See the Update FAQ for details.
Summary: This security update resolves six privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Categories: Security Alerts

Microsoft Security Bulletin MS14-017 - Critical: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660) - Version: 1.0

Microsoft Security Notifications - Mon, 04/07/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.0 (April 8, 2014): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a specially crafted file is opened or previewed in an affected version of Microsoft Office software. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Categories: Security Alerts

Microsoft Security Bulletin MS14-019 - Important: Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229) - Version: 1.0

Microsoft Security Notifications - Mon, 04/07/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.0 (April 8, 2014): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user runs specially crafted .bat and .cmd files from a trusted or semi-trusted network location. An attacker would have no way to force users to visit the network location or run the specially crafted files. Instead, an attacker would have to convince users to take such action. For example, an attacker could trick users into clicking a link that takes them to the location of the attacker's specially crafted files and subsequently convince them to run them.
Categories: Security Alerts

Microsoft Security Bulletin MS14-020 - Important: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution - Important (2950145) - Version: 1.0

Microsoft Security Notifications - Mon, 04/07/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (April 8, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted file in an affected version of Microsoft Publisher. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Categories: Security Alerts

MS14-020 - Important : Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145) - Version: 1.0

Microsoft Security Notifications - Mon, 04/07/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (April 8, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted file in an affected version of Microsoft Publisher. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Categories: Security Alerts

MS14-019 - Important : Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229) - Version: 1.0

Microsoft Security Notifications - Mon, 04/07/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (April 8, 2014): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user runs specially crafted .bat and .cmd files from a trusted or semi-trusted network location. An attacker would have no way to force users to visit the network location or run the specially crafted files. Instead, an attacker would have to convince users to take such action. For example, an attacker could trick users into clicking a link that takes them to the location of the attacker's specially crafted files and subsequently convince them to run them.
Categories: Security Alerts

MS14-018 - Critical : Cumulative Security Update for Internet Explorer (2950467) - Version: 1.0

Microsoft Security Notifications - Mon, 04/07/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.0 (April 8, 2014): Bulletin published.
Summary: This security update resolves six privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Categories: Security Alerts

MS14-017 - Critical : Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660) - Version: 1.0

Microsoft Security Notifications - Mon, 04/07/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.0 (April 8, 2014): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a specially crafted file is opened or previewed in an affected version of Microsoft Office software. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Categories: Security Alerts

MS14-016 - Important : Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418) - Version: 1.1

Microsoft Security Notifications - Wed, 03/19/2014 - 23:00
Severity Rating: Important
Revision Note: V1.1 (March 20, 2014): Clarified in the vulnerability FAQ what systems are primarily at risk for CVE-2014-0317. Added Update FAQ to explain why users running Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 might not be offered the update. These are informational changes only.
Summary: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker attempts to match passwords to a username.
Categories: Security Alerts

Microsoft Security Bulletin MS14-014 - Important: Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677) - Version: 1.0

Microsoft Security Notifications - Mon, 03/10/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow security feature bypass if an attacker hosts a website that contains specially crafted Silverlight content that is designed to exploit the vulnerability, and then convinces a user to view the website. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.
Categories: Security Alerts

Microsoft Security Bulletin MS14-015 - Important: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275) - Version: 1.0

Microsoft Security Notifications - Mon, 03/10/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
Categories: Security Alerts

Microsoft Security Bulletin MS14-013 - Critical: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961) - Version: 1.0

Microsoft Security Notifications - Mon, 03/10/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted image file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Categories: Security Alerts

Microsoft Security Bulletin MS14-012 - Critical: Cumulative Security Update for Internet Explorer (2925418) - Version: 1.0

Microsoft Security Notifications - Mon, 03/10/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability and seventeen privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Categories: Security Alerts

MS14-014 - Important : Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677) - Version: 1.0

Microsoft Security Notifications - Mon, 03/10/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow security feature bypass if an attacker hosts a website that contains specially crafted Silverlight content that is designed to exploit the vulnerability, and then convinces a user to view the website. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.
Categories: Security Alerts

MS14-013 - Critical : Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961) - Version: 1.0

Microsoft Security Notifications - Mon, 03/10/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted image file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Categories: Security Alerts

MS14-016 - Important : Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418) - Version: 1.0

Microsoft Security Notifications - Mon, 03/10/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker attempts to match passwords to a username.
Categories: Security Alerts

MS14-015 - Important : Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275) - Version: 1.0

Microsoft Security Notifications - Mon, 03/10/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
Categories: Security Alerts
