FacebookPixel

SEPTEMBER 2014

Bulletin ID 

Bulletin Title and Executive Summary

Maximum Severity Rating and Vulnerability Impact

MS14-052

Cumulative Security Update for Internet Explorer (2977629) 

This security update resolves one publicly disclosed and thirty-six privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Critical 
Remote Code Execution

MS14-053

Vulnerability in .NET Framework Could Allow Denial of Service (2990931) 

This security update resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow denial of service if an attacker sends a small number of specially crafted requests to an affected .NET-enabled website. By default, ASP.NET is not installed when Microsoft .NET Framework is installed on any supported edition of Microsoft Windows. To be affected by the vulnerability, customers must manually install and enable ASP.NET by registering it with IIS.

Important 
Denial of Service

MS14-054

Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948) 

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Important 
Elevation of Privilege

MS14-055

Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928) 

This security update resolves three privately reported vulnerabilities in Microsoft Lync Server. The most severe of these vulnerabilities could allow denial of service if an attacker sends a specially crafted request to a Lync server.

Important 
Denial of Service