Microsoft Security Bulletin Summary for August 2014

Number: AV14-061
Date: 12 August 2014

Purpose

The purpose of this advisory is to draw attention to the monthly Microsoft Security Bulletin Summary for August 2014.

Assessment

The summary covers 9 bulletins (2 Critical, 7 Important), that address multiple vulnerabilities in Internet Explorer, Windows Media Center, OneNote, SQL Server, Kernel-Mode Drivers, Windows Installer Service, Microsoft SharePoint Server, .NET Framework and LRPC.

*** CRITICAL ***
MS14-043 - Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)  
https://technet.microsoft.com/library/security/ms14-043

MS14-051 - Cumulative Security Update for Internet Explorer (2976627) 
https://technet.microsoft.com/library/security/MS14-051

*** IMPORTANT ***
MS14-044 - Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)
https://technet.microsoft.com/library/security/MS14-044

MS14-045 - Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
https://technet.microsoft.com/library/security/MS14-045

MS14-046 - Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625) 
https://technet.microsoft.com/library/security/MS14-046

MS14-047 - Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)
https://technet.microsoft.com/library/security/MS14-047

MS14-048 - Vulnerability in OneNote Could Allow Remote Code Execution (2977201)
https://technet.microsoft.com/library/security/MS14-048

MS14-049 - Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)
https://technet.microsoft.com/library/security/MS14-049

MS14-050 - Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)
https://technet.microsoft.com/library/security/MS14-050

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

https://technet.microsoft.com/en-us/library/security/ms14-aug.aspx

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: