-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2014-002

Title: Multiple Microsoft vulnerabilities

Version history:
15.01.2014 Initial publication

Summary
=======
The vulnerabilities could allow remote code execution if a specially
crafted file is opened in an affected version of Microsoft Word or other
affected Microsoft Office software. An attacker who successfully
exploited the vulnerabilities could gain the same user rights as the
current user. Users whose accounts are configured to have fewer user
rights on the system could be less impacted than users who operate with
administrative user rights. [1]

The vulnerability could allow elevation of privilege if an attacker logs
on to a system and runs a specially crafted application. An attacker
must have valid logon credentials and be able to log on locally to
exploit this vulnerability. [2]

The vulnerability could allow elevation of privilege if a user logs on
to a system and runs a specially crafted application. An attacker must
have valid logon credentials and be able to log on locally to exploit
this vulnerability. [3]

Vulnerable systems
==================
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2013
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows 7
Microsoft Windows Server 2008 R2

What can you do?
================
Microsoft recommends that customers apply the update at the earliest
opportunity using update management software, or by checking for updates
using the Microsoft Update service.

What to tell your users?
========================
N/A

More information
================
[1] https://technet.microsoft.com/en-us/security/bulletin/ms14-001
[2] https://technet.microsoft.com/en-us/security/bulletin/ms14-002
[3] https://technet.microsoft.com/en-us/security/bulletin/ms14-003

Best regards,
CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJSYUMuAAoJEPpzpNLI8SVobkQP/RSquXEIu9vsai1ujQEH9KRu
QsmdRZPXwNOZ4RBOT3MEPfPG1afO9799B47r+ChjXBufZUO3SQtDv2zDeLl6Bc6m
g4mtH/tPKc8hLBT19f+WZrBtDl+YfIKu7deWFzxvt3lAzzCGxJKWLX+p1ihk6Yci
u9iD6vXcv6hJLFcX77MT7Af+Mkw6iWhxNJTAwGJOd8OQSJYQIPuKjrV5XGooiRSN
X1cCbTe5grTK+HBqqZeXB8yvX0ThDno3dEzHcQWpTiBlPLI+nJDumY3B5k++oUU5
nPSMZLcccBk3FezXS07lXLAaOnTHe9C+xTT7j3mB5B/L7Gm1oHuz4bgo0vNNqOFt
Y6Lw3yug1vLkciaEwEepCzRXgoxsNmoFedJAkLVYw1F9ZFkYvfIBeTg1sE6hCaxw
/Kx7vMbTMXXYw4frTsu18E/HHJlDbRhAs+QYY9fOlWpfvhgzuGdBBzducTmkG2ZM
ZlQbMJPHixxmxddu+Z+EOKCSoimQp1GX3e9pMhQ74FFCXkn9EH2OBeznXFpBR2Rz
p0AVmyaJgEc+43KlzN8K5o2O9k9Cg/EUc7AAXtRyYD5MQ8r7cZNq2ac9wqfAdjOJ
br6BEUbh5WQD1AV/Zh7JMS5xffHcbsKPx4NHsFP5/ljB2s9EsIbq70ifKvlJ9GWQ
UIClMzzeFAQ4qICy4uVF
=nO8k
-----END PGP SIGNATURE-----