Microsoft Patch Tuesday 2014-02-11

MS14-005
Title Information Disclosure Vulnerability in Microsoft XML Core Services
Replaces MS10-051
Affected Microsoft XML Core Services
KB KB2916036
Known Exploits Yes
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2014-0266 3
MS14-006
Title IPv6 Denial of Service
Replaces MS13-065
Affected TCP/IP Stack (IPv6)
KB KB2904659
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2014-0254 3
MS14-007
Title Remote Code Execution in Direct2D
Replaces
Affected Direct2D
KB KB2912390
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2014-0263 1
MS14-008
Title Allow Remote Code Execution in Microsoft Forefront
Replaces
Affected Microsoft Forefront
KB KB2927022
Known Exploits No
Microsoft Rating Critical
ISC Client Rating N/A
ISC Server Rating N/A
CVE Exploitability
2014-0294 1
MS14-009
Title Elevation of Privilege Vulnerability in .Net Framework
Replaces MS11-100, MS13-052
Affected .Net Framework
KB KB2916607
Known Exploits Yes
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2014-0253 1
MS14-010
Title Cumulative Security Update for Internet Explorer
Replaces MS13-097
Affected Internet Explorer
KB KB2909921
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Patch now
ISC Server Rating Patch now
CVE Exploitability
2014-0267 1
MS14-011
Title Remote Code Execution Vulnerability in VBScript Scripting
Replaces MS10-022
Affected VBScript
KB KB2928390
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2014-0271 1
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.