Skip to main content
MSRC

2014

Antimalware Support for Windows XP and the January 2014 Security Bulletin Webcast and Q&A

Friday, January 17, 2014

Today we’re publishing the January 2014 Security Bulletin Webcast Questions & Answers page. We answered 16 questions in total, with the majority of questions focusing on the Dynamics AX bulletin (MS14-004), the update for Microsoft Word (MS14-001) and the re-release of the Windows 7 and Windows Server 2008 R2 updates provided through MS13-081.

Assessing risk for the January 2014 security updates

Tuesday, January 14, 2014

Today we released four security bulletins addressing six CVE’s. All four bulletins have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS14-002(NDProxy, a kernel-mode driver) Attacker able to run code at a low privilege level inside an application sandbox exploits this vulnerability to elevate privileges to SYSTEM.

Advance Notification Service for the January 2014 Security Bulletin Release

Thursday, January 09, 2014

Today we provide advance notification for the release of four bulletins for January 2014. All bulletins this month are rated Important in severity and address vulnerabilities in Microsoft Windows, Office, and Dynamics AX. The update provided in MS14-002 fully addresses the issue first described in Security Advisory 2914486. We have only seen this issue used in conjunction with a PDF exploit in targeted attacks and not on its own.