JPCERT-AT-2014-0015
JPCERT/CC
2014-04-09
<<< JPCERT/CC Alert 2014-04-09 >>>
Microsoft Security Bulletin for April 2014
(including 2 critical patches)
https://www.jpcert.or.jp/english/at/2014/at140015.html
I. Overview
Microsoft has released its security bulletin for April, 2014. This
bulletin contains two (2) updates that are rated as "critical".
Remote attackers leveraging these vulnerabilities may be able to
execute arbitrary code.
Details on the vulnerabilities can be found at the following URL:
Microsoft Security Bulletin Summary for April 2014
https://technet.microsoft.com/en-us/security/bulletin/ms14-apr
[Security updates rated as "critical"]
MS14-017
Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)
https://technet.microsoft.com/en-us/security/bulletin/ms14-017
MS14-018
Cumulative Security Update for Internet Explorer (2950467)
https://technet.microsoft.com/en-us/security/bulletin/ms14-018
According to Microsoft, targeted attacks leveraging MS14-017 have
been observed in the wild.
II. Solution
Please apply the security update programs through Microsoft Update,
Windows Update, etc. as soon as possible.
Microsoft Update
http://www.update.microsoft.com/
Windows Update
http://windowsupdate.microsoft.com/
* With this update, Microsoft will end support for Windows XP and
Office 2003. Security updates will not be provided after the end
of support and concerns on security risk will rise, therefore
please consider updating to a newer OS and software.
* If migration to a newer OS or software cannot be completed due to
unavoidable circumstances, it is recommended to apply security
updates provided by Microsoft, implement a vulnerability
mitigation tool, such as EMET. Additionally, in order to reduce
risk as much as possible do not access the internet, do not
connect untrusted USB memory sticks or other external storage
devices
III. References
Microsoft Corporation
Microsoft Security Bulletin Summary for April 2014
https://technet.microsoft.com/en-us/security/bulletin/ms14-apr
Microsoft Corporation
Security Information for April 2014 (Monthly) - MS14-017 - MS14-020 (Japanese)
http://blogs.technet.com/b/jpsecurity/archive/2014/04/09/microsoft-security-bulletin-201404.aspx
Microsoft Corporation
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
https://technet.microsoft.com/en-us/security/advisory/2755801
If you have any information regarding this alert, please contact
JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top