Today we provide advance notification for the release of four bulletins, two rated Critical and two rated Important in severity. These updates address issues in Microsoft Windows, Office and Internet Explorer.
The update provided through MS14-017 fully addresses the Microsoft Word issue first described in Security Advisory 2953095. This advisory also included a Fix it to disable opening rich-text format (RTF) files within Microsoft Word. Once the security update is applied, you should disable the Fix it to ensure RTF files will again render normally. At this time, we are still only aware of limited, targeted attacks directed at Microsoft Word 2010. The update will fully address all affected versions.
This Tuesday‘s release will offer the last security updates made available for Windows XP and Office 2003. Both of these products go out of support on April 8, 2014. If you are unsure about the impact this may have on your environment, I recommend you read the recent blog from Trustworthy Computing’s Tim Rains, which discusses some of the threats to Windows XP and provides guidance for small businesses and consumers.
As per our usual process, we’ve scheduled the security bulletin release for the second Tuesday of the month, April 8, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for analysis of the risk and impact, as well as deployment guidance, together with a brief video overview of the month’s updates. Until then, please review the ANS summary page for more information to help you prepare for security bulletin testing and deployment.
Finally, you can stay on top of the MSRC team’s recent activities by following us on Twitter at @MSFTSecResponse.
Group Manager, Response Communications
Microsoft Trustworthy Computing