-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2014-030 Title: Multiple vulnerabilities in Microsoft products Version history: 11.03.2014 Initial publication Summary ======= Microsoft released five bulletins [1] to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight. The update for Internet Explorer addresses the issue first described in Security Advisory 2934088 [2], and is hence the most important. Additionally, of notice is the MS14-014, which provides an update to address a security feature bypass in Silverlight. The issue wasn’t publicly known and it isn’t under active attack, however it can impact your security in ways that aren’t always obvious. Specifically, the update removes an avenue attackers could use to bypass ASLR protections. Fixes like this one increase the cost of exploitation to an attacker, who must now find a different way to make their code execution exploit reliable [3]. Vulnerable systems ================== Microsoft Windows XP Microsoft Windows Server 2003 Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Windows 8 and Windows 8.1 Windows Server 2012 Windows Server 2012 R2 Windows RT Windows RT 8.1 Microsoft Silverlight What can you do? ================ Microsoft recommends that customers apply the update at the earliest opportunity using update management software, or by checking for updates using the Microsoft Update service. What to tell your users? ======================== N/A More information ================ [1] http://technet.microsoft.com/en-us/security/bulletin/ms14-mar [2] http://technet.microsoft.com/en-us/security/advisory/2934088 [3] http://blogs.technet.com/b/msrc/archive/2014/03/11/the-march-2014-security-updates.aspx Best regards, CERT-EU Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJTHx2vAAoJEPpzpNLI8SVo1NAP/jykOz5FNuQgaOot1kuu7DNg DAUb7Vc6G4rADdWs/8/9o4RPqYVYD1nceaiyvY0BOfkb0GHmmslrqzjPl110UYLn kEKvrwGdLnAcwG9tQDr0jSlBNKT4xHbEoyW6AMfFSL2ZPvlpbs91yRXqCjuFg4oS ws0r11PAW9FF6Ot+Wc5fGDfrNrj7Z2TrAoHvOgQjxNW0sWq0nz+aNC64v+HEI4fu s2+WZ/bW93LQtXRMiyiC2TThvkCj+eHRckZcKw9T6Yygku55HTB4ZvzSzqNXYnvJ H06WzkPIiL+oBwzKzrszW8uQKg1WMmRor562WSGpzu1viCve23VNWWs+/88lWYbX JcYcHtAHGDmCIi86+3Uz/NmsPyEZv2WqJCe1J+16s2Q7q9Bx7M3oozAJhjztV5pC 56CMeUpUrh9wDqZxHK9KDuypT0/Y3Vej+r08zBqKQJ55Acvo41Dp+oRJSz+uKZ4e qQkKPnraNogsK+TYiZSfn+zRl8x8uoW9wTsqxNydTZFDCx7UAU9XywlibdOEnjZy xMEy4GW3Y3dc9PC+YXv0eZFPUpiixPZKRTZQEG0XZXdsStVZShzvDEW/b5KgNQm/ z1tpTxI5DcJHA3lIXHlVaJNP5Ciy2uAgybWPVKj6iaueDVC1qCZ2XKvImbkzVXbo sEAw8t3gI2eHrFKsTQBF =KdH0 -----END PGP SIGNATURE-----