Microsoft Security Bulletin Release (Out of Band) – Security Update for Internet Explorer (2965111)

Number: AV14-024
Date: 2 May 2014

Purpose

The purpose of this advisory is to draw attention to the Microsoft Security Bulletin Release (Out of Band): Security Update for Internet Explorer (2965111).

Assessment

This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The security update addresses the vulnerability referred to in Microsoft Security Advisory 2963983 (CVE-2014-1776) by modifying the way that Internet Explorer handles objects in memory.

Affected products:

To see the full list of affected components, please visit the Advance Notification webpage at the link below and review the "Affected Software" section.

https://technet.microsoft.com/library/security/ms14-may

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

Instructions addressing these update processes are also provided in Microsoft's security bulletin:
https://technet.microsoft.com/library/security/ms14-may

Note: Microsoft has included security updates for all supported versions of the Windows operating system as well as Windows XP.

References:
http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2014/al14-029-eng.aspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1776
http://blogs.technet.com/b/msrc/archive/2014/05/01/security-update-released-to-address-recent-internet-explorer-vulnerability.aspx
https://support.microsoft.com/kb/2965111

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note that CCIRC's PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca
