Microsoft is expecting to release 2 critical and 5 important bulletins on Tuesday [1].
There are no patches scheduled for Windows XP even though CVE-2014-1770 does affect Internet Explorer 8, which is the last version of IE to run on Windows XP.
Preliminary Patch Table: (the bulletin numbers and anything else may change in the final release)
| # |
Affected |
Contra Indications - KB |
Known Exploits |
Microsoft rating(**) |
ISC rating(*) |
| clients |
servers |
| MS14-030 |
Cumulative Internet Explorer Update
|
Internet Explorer
CVE-2014-1770 |
TBD |
Vuln. known, but according to MSFT not yet exploited. |
Severity: Critical
Exploitability: ? |
Critical |
Critical |
| MS14-031 |
Microsoft Office and Lynx Remote Code Execution Vulnerability
|
| Windows, Office, Lync (Client) |
TBD |
. |
Severity: Critical
Exploitability: ? |
Critical |
Important |
| MS14-032 |
Microsoft Office Remote Code Execution Vulnerability
|
| Microsoft Office |
TBD |
. |
Severity: Important
Exploitability: ? |
Critical |
Important |
| MS14-033 |
Information Disclosure Vulnerability in Windows
|
| Microsoft Windows |
TBD |
. |
Severity: Important
Exploitability: ? |
Important |
Important |
| MS14-034 |
Information Disclosure Vulnerability in Lync Server
|
| Lync Server |
TBD |
. |
Severity: Important
Exploitability: ? |
N/A |
Important |
| MS14-035 |
Denial of Service Vulnerability in Windows
|
| Microsoft Windows |
TBD |
. |
Severity: Important
Exploitability: ? |
Important |
Important |
| MS14-036 |
Tampering Vulnerability in Windows
|
| Microsoft Windows |
TBD |
. |
Severity: Important
Exploitability: ? |
Important |
Important |
[1] https://technet.microsoft.com/library/security/ms14-jun
---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn
I will be teaching next:
Intrusion Detection In-Depth - SANS Las Vegas Spring 2020
