JPCERT-AT-2014-0034
                                                            JPCERT/CC
                                                           2014-09-10
                 <<< JPCERT/CC Alert 2014-09-10 >>>

            Microsoft Security Bulletin for September 2014
                 (including 1 critical patches)

            https://www.jpcert.or.jp/english/at/2014/at140034.html


I. Overview

  Microsoft has released its security bulletin for September, 2014.
This bulletin contains one (1) updates that are rated as "critical".
Remote attackers leveraging these vulnerabilities may be able to
execute arbitrary code.

  Details on the vulnerabilities can be found at the following URL:

    Microsoft Security Bulletin Summary for September 2014
    https://technet.microsoft.com/en-us/library/security/ms14-sep

  [Security updates rated as "critical"]

    MS14-052
    Cumulative Security Update for Internet Explorer (2977629)
    https://technet.microsoft.com/en-us/library/security/ms14-052


II. Solution

  Please apply the security update programs through Microsoft Update,
Windows Update, etc. as soon as possible.

    Microsoft Update
    http://www.update.microsoft.com/

    Windows Update
    http://windowsupdate.microsoft.com/

  If you are applying the security update released in August, 2014,
Internet Explorer begins blocking out-of-date Java ActiveX controls
from today. For more information, please refer to the following:

    Internet Explorer begins blocking out-of-date ActiveX controls
    https://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx

  * With the April 2014 update, Microsoft have ended the support for
    Windows XP and Office 2003. Concerns on security risk will rise
    henceforth, and therefore please consider updating to a newer OS
    and software.


III. References

    Microsoft
    Microsoft Security Bulletin Summary for August 2014
    https://technet.microsoft.com/en-us/library/security/ms14-aug

    Microsoft
    Microsoft Security Information for September 2014 (Monthly) - MS14-052 - MS14-055 (Japanese)
    http://blogs.technet.com/b/jpsecurity/archive/2014/09/10/201409-security-bulletin.aspx

    Internet Explorer begins blocking out-of-date ActiveX controls
    https://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx

    Microsoft
    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
    https://technet.microsoft.com/library/security/2755801


  If you have any information regarding this alert, please contact
JPCERT/CC.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600  FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/