Tuesday June 10, 2014 – Microsoft released a rather large number of updates for Windows.
A total of 59 updates were released with 7 being labeled as CRITIAL.
These updates are expected to address over 60 vulnerabilities that have been discovered.
Below is a list of a few of the updates. The information listed below comes from ZDNet. For more information about this round of updates go to http://www.zdnet.com/large-internet-explorer-update-headlines-june-patch-tuesday-7000030390/ for the full article.
- MS14-030: Vulnerability in Remote Desktop Could Allow Tampering (2969259) — This is an unusual vulnerability, which could allow an attacker to modify the traffic content of an active RDP session. It is blocked by Network Level Authentication (NLA) and good firewall practices and, in any case, Microsoft considers it unlikely that successful exploit code could be written.
- MS14-031: Vulnerability in TCP Protocol Could Allow Denial of Service (2962478) — An attacker could cause a system to stop responding. Microsoft considers it unlikely that successful exploit code could be written.
- MS14-032: Vulnerability in Microsoft Lync Server Could Allow Information Disclosure (2969258) — Lync Server content could potentially execute scripts in the user’s browser to obtain information from web sessions. Microsoft considers it unlikely that successful exploit code could be written.
- MS14-033: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2966061) — XML processing could allow an attacker access to more information than is proper. Microsoft considers it unlikely that successful exploit code could be written.
- MS14-034: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261) — Word’s handling of embedded fonts could be abused to give an attacker remote code execution with the same privileges as the user running Word.
Microsoft also released numerous non-security updates today. The vast majority are for Windows 8 and 8.1, a few for Windows RT and Windows Server 2012 and two for Windows 7 and Windows Server 2008 R2.
A new version of the Microsoft Malicious Software Removal Tool is also available, and runs automatically when users run Windows Update. The new version adds detection and removal for Win32/Necurs, a sophisticated rootkit that puts great effort into combating security software.