Microsoft Security Bulletin Release (Out of Band) – Security Update for Internet Explorer (2965111)

Number: AV14-024
Date: 2 May 2014


The purpose of this advisory is to draw attention to the Microsoft Security Bulletin Release (Out of Band) Security Update for Internet Explorer (2965111)


This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The security update addresses the vulnerability by modifying the way that Internet Explorer handles objects in memory referred to in Microsoft Security Advisory 2963983 (CVE-2014-1776).

Affected products :

To see the full list of affected components please visit the Advance Notification webpage at the link below and review the "Affected Software" section.

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

Instructions addressing these update processes are also provided in the Microsoft's security bulletin;

Note: Microsoft has included security updates for all supported versions of the Windows operating system as well as Windows XP.


Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589

Date modified: